authorLeah Rowe <leah@libreboot.org>2023-08-24 20:19:41 +0100
committerLeah Rowe <leah@libreboot.org>2023-08-26 16:58:32 +0100
commit1c8401be25e4749a2eee5ddc77ce7c6ac880c910 (patch)
tree22789efec9b91ffddb21653a30b8591a8b63d3bf /resources/scripts/update/blobs
parent50c395df59564c19d3a24262810c8dd5ed115db5 (diff)
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions, which is a boon for further auditing. also: in "fetch", remove the downloaded program if fail() was called. this would also be done for gnulib, when downloading grub, but done in such a way that gnulib goes first. where calls to err write "ERROR" in the string, they no longer say "ERROR" because the "err" function itself now does that automatically. also: listmodes/listoptions (in "lbmk") now reports an error if no scripts and/or directories are found. also: where a warning is given, but not an error, i've gone through in some places and redirected the output to stderr, not stdout as part of error checks: running anything as root, except for the "./build dependencies *" commands, is no longer permitted and lbmk will throw an error mrc downloads: debugfs output no longer redirected to /dev/null, and stderr no longer redirected to stdout. everything is verbose. certain non-error states are also more verbose. for example, patch_rom in blobs/inject will now state when injection succeeds certain actual errors(bugs) were fixed: for example, build/release/roms now correctly prepares the blobs hash files for a given target, containing only the files and checksums in the list. Previously, a printf message was included. Now, with this new code: blobutil/inject rightly verifies hashes. doing all of this in one giant patch is cleaner than 100 patches changing each file. even this is yet part of a much larger audit going on in the Libreboot project. Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'resources/scripts/update/blobs')
-rwxr-xr-xresources/scripts/update/blobs/download205
-rwxr-xr-xresources/scripts/update/blobs/extract46
-rwxr-xr-xresources/scripts/update/blobs/inject98
-rwxr-xr-xresources/scripts/update/blobs/mrc49
4 files changed, 232 insertions, 166 deletions
diff --git a/resources/scripts/update/blobs/download b/resources/scripts/update/blobs/download
index c1babd13..422f0b3c 100755
--- a/resources/scripts/update/blobs/download
+++ b/resources/scripts/update/blobs/download
@@ -52,12 +52,15 @@ CONFIG_SMSC_SCH5545_EC_FW_FILE=""
main()
{
+ [ $# -gt 0 ] || \
+ err "No argument given"
+
board="${1}"
boarddir="${cbcfgsdir}/${board}"
- [ ! -d "${boarddir}" ] && \
+ [ -d "${boarddir}" ] || \
err "Board target, ${board}, not defined"
- [ ! -f "${boarddir}/target.cfg" ] && \
+ [ -f "${boarddir}/target.cfg" ] || \
err "Target missing target.cfg"
no_config="printf \"No config for target, %s\\n\" ${board} 1>&2; exit 0"
@@ -65,7 +68,7 @@ main()
[ -f "${x}" ] && no_config=""
done
eval "${no_config}"
-
+
detect_firmware || exit 0
scan_sources_config
@@ -89,7 +92,7 @@ detect_firmware()
[ "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" = "y" ] && \
needs="${needs} SCH5545EC"
[ -z ${needs+x} ] && \
- printf 'No binary blobs needed for this board\n' && \
+ printf "No binary blobs needed for this board\n" && \
return 1
printf "Firmware needed for board '%s':\n%s\n" ${board} ${needs}
}
@@ -155,16 +158,19 @@ build_dependencies()
{
[ -d ${cbdir} ] || \
./fetch_trees coreboot ${cbdir##*/} || \
- err "can't download to ${cbdir}"
+ err "build_dependencies: can't fetch ${cbdir}"
for d in uefitool biosutilities bios_extract me_cleaner; do
[ -d "${d}" ] && continue
- ./fetch ${d} || err "can't download ${d}"
+ ./fetch "${d}" || \
+ err "build_dependencies: can't fetch ${d}"
done
[ -f uefitool/uefiextract ] || \
- ./build src for -b uefitool || err "can't build uefitool"
- [ -f ${cbdir}/util/kbc1126/kbc1126_ec_dump ] || \
+ ./build src for -b uefitool || \
+ err "build_dependencies: can't build uefitool"
+ if [ ! -f ${cbdir}/util/kbc1126/kbc1126_ec_dump ]; then
make -BC ${cbdir}/util/kbc1126 || \
- err "can't build kbc1126_ec_dump"
+ err "build_dependencies: can't build kbc1126_ec_dump"
+ fi
}
download_blobs()
@@ -184,8 +190,9 @@ download_blobs()
esac
done
- [ -z ${_failed+x} ] || \
- err "failed to obtain ${_failed}\nTry manual extraction?"
+ if [ ! -z ${_failed+x} ]; then
+ err "download_blobs: can't download blobs: ${_failed}\n"
+ fi
}
download_blob_intel_me()
@@ -203,11 +210,13 @@ extract_blob_intel_me()
_me_destination=${CONFIG_ME_BIN_PATH#../../}
[ -d "${_me_destination%/*}" ] || \
- mkdir -p ${_me_destination%/*}
- [ -d "${appdir}" ] && \
- rm -Rf ${appdir}
+ mkdir -p ${_me_destination%/*} || \
+ err "extract_blob_intel_me: mkdir ${_me_destination%/*}"
+ [ ! -d "${appdir}" ] || \
+ rm -Rf "${appdir}" || \
+ err "extract_blob_intel_me: can't rm -Rf \"${appdir}\""
if [ -f "${_me_destination}" ]; then
- printf 'me already downloaded\n'
+ printf "Intel ME firmware already downloaded\n" 1>&2
return 0
fi
@@ -216,12 +225,16 @@ extract_blob_intel_me()
innoextract ${dl_path} -d ${appdir} || \
7z x ${dl_path} -o${appdir} || \
unar "${dl_path}" -o "${appdir}" || \
- err "Could not extract vendor update"
+ err "extract_blob_intel_me: could not extract vendor update"
bruteforce_extract_blob_intel_me "$(pwd)/${_me_destination}" \
- "$(pwd)/${appdir}" || err "Could not extract Intel ME firmware"
+ "$(pwd)/${appdir}" || \
+ err "extract_blob_intel_me: could not extract Intel ME firmware"
- printf "Truncated and cleaned me output to ${_me_destination}\n"
+ [ -f "${_me_destination}" ] || \
+ err "extract_blob_intel_me, ${board}: me.bin missing"
+
+ printf "Truncated and cleaned me output to: %s\n" "${_me_destination}"
}
# cursed, carcinogenic code. TODO rewrite it better
@@ -237,7 +250,8 @@ bruteforce_extract_blob_intel_me()
(
printf "Entering %s\n" "${cdir}"
- cd "${cdir}" || err "cannot enter directory, ${cdir}"
+ cd "${cdir}" || \
+ err "bruteforce_extract_blob_intel_me: can't cd \"${cdir}\""
for i in *; do
if [ -f "${_me_destination}" ]; then
# me.bin found, so avoid needless further traversal
@@ -247,37 +261,33 @@ bruteforce_extract_blob_intel_me()
continue
elif [ -f "${i}" ]; then
"${mecleaner}" -r -t -O "${sdir}/vendorfile" \
- -M "${_me_destination}" "${i}" \
- && break # (we found me.bin)
+ -M "${_me_destination}" "${i}" \
+ && break # (we found me.bin)
"${mecleaner}" -r -t -O "${_me_destination}" "${i}" \
- && break # (we found me.bin)
+ && break # (we found me.bin)
"${me7updateparser}" -O ${_me_destination} "${i}" \
- && break # (we found me.bin)
+ && break # (we found me.bin)
_7ztest="${_7ztest}a"
7z x "${i}" -o${_7ztest} \
|| innoextract "${i}" -d "${_7ztest}" \
|| unar "${i}" -o "${_7ztest}" \
|| continue
bruteforce_extract_blob_intel_me "${_me_destination}" \
- "${cdir}/${_7ztest}"
+ "${cdir}/${_7ztest}"
elif [ -d "$i" ]; then
bruteforce_extract_blob_intel_me "${_me_destination}" \
- "${cdir}/${i}"
+ "${cdir}/${i}"
else
printf "SKIPPING: %s\n" "${i}"
continue
fi
cdir="${1}"
- cd "${cdir}"
+ cd "${cdir}" # audit note: we already checked this (see above)
done
)
- rm -Rf "${sdir}"
-
- if [ ! -f "${_me_destination}" ]; then
- printf "me.bin not found in vendor update for: %s\n" ${board}
- return 1
- fi
+ rm -Rf "${sdir}" || \
+ err "bruteforce_extract_blob_intel_me: can't rm -Rf \"${sdir}\""
}
download_ec()
@@ -295,39 +305,48 @@ extract_blob_kbc1126_ec()
_ec_destination=${CONFIG_KBC1126_FW1#../../}
[ -d "${_ec_destination%/*}" ] || \
- mkdir -p "${_ec_destination%/*}"
- [ -d "${appdir}" ] && \
- rm -Rf "${appdir}"
+ mkdir -p "${_ec_destination%/*}" || \
+ err "extract_blob_kbc1126_ec: !mkdir ${_ec_destination%/*}"
+ [ ! -d "${appdir}" ] || \
+ rm -Rf "${appdir}" || \
+ err "extract_blob_kbc1126_ec: !rm -Rf ${appdir}"
if [ -f "${_ec_destination}" ]; then
- printf "ec already downloaded\n"
+ printf "KBC1126 EC firmware already downloaded\n" 1>&2
return 0
fi
- unar "${dl_path}" -o "${appdir}"
+ unar "${dl_path}" -o "${appdir}" || \
+ err "extract_blob_kbc1126_ec: !unar \"${dl_path}\" -o \"${appdir}\""
(
- cd "${appdir}/${dl_path##*/}"
+ cd "${appdir}/${dl_path##*/}" || \
+ err "extract_blob_kbc1126_ec: !cd \"${appdir}/${dl_path##*/}\""
- mv Rompaq/68*.BIN ec.bin
+ mv Rompaq/68*.BIN ec.bin || :
if [ ! -f ec.bin ]; then
unar -D ROM.CAB Rom.bin || \
unar -D Rom.CAB Rom.bin || \
- unar -D 68*.CAB Rom.bin
- mv Rom.bin ec.bin
+ unar -D 68*.CAB Rom.bin || \
+ err "extract_blob_kbc1126_ec: can't extract ec.bin"
+ mv Rom.bin ec.bin || \
+ err "extract_blob_kbc1126_ec: *didn't* extract ec.bin"
fi
+ [ -f ec.bin ] || \
+ err "extract_blob_kbc1126_ec: ${board}: can't extract ec.bin"
- [ -f ec.bin ] || err "could not extract ec.bin for board, ${board}"
- "${kbc1126_ec_dump}" ec.bin
+ "${kbc1126_ec_dump}" ec.bin || \
+ err "extract_blob_kbc1126_ec: ${board}: can't extract ecfw1/2.bin"
)
+ ec_ex="y"
for i in 1 2; do
- [ -f "${appdir}/${dl_path##*/}/ec.bin.fw${i}" ] && continue
- printf "Could not extract EC firmware for: %s\n" \
- ${board}
- return 1
+ [ -f "${appdir}/${dl_path##*/}/ec.bin.fw${i}" ] || ec_ex="n"
done
+ [ "${ec_ex}" = "y" ] || \
+ err "extract_blob_kbc1126_ec: ${board}: didn't extract ecfw1/2.bin"
- cp "${appdir}/${dl_path##*/}"/ec.bin.fw* "${_ec_destination%/*}/"
+ cp "${appdir}/${dl_path##*/}"/ec.bin.fw* "${_ec_destination%/*}/" || \
+ err "extract_blob_kbc1126_ec: cant mv ecfw1/2 ${_ec_destination%/*}"
}
download_e6400vga()
@@ -345,37 +364,41 @@ extract_e6400vga()
_vga_destination=${CONFIG_VGA_BIOS_FILE#../../}
if [ -f "${_vga_destination}" ]; then
- printf 'vga rom already downloaded\n'
+ printf "extract_e6400vga: vga rom already downloaded\n" 1>&2
return 0
fi
[ -d "${_vga_destination%/*}" ] || \
- mkdir -p ${_vga_destination%/*}
- [ -d "${appdir}" ] && \
- rm -Rf ${appdir}
-
- mkdir -p "${appdir}"
- cp "${dl_path}" "${appdir}"
-
- if [ "${e6400_vga_offset}" = "" ]; then
- printf "E6400 VGA offset not defined\n"
- return 1
- elif [ "${e6400_vga_romname}" = "" ]; then
- printf "E6400 VGA ROM name not defined\n"
- return 1
- fi
+ mkdir -p ${_vga_destination%/*} || \
+ err "extract_e6400vga: can't mkdir ${_vga_destination%/*}"
+ [ ! -d "${appdir}" ] || \
+ rm -Rf ${appdir} || \
+ err "extract_e6400vga: can't rm -Rf ${appdir}"
+
+ mkdir -p "${appdir}" || \
+ err "extract_e6400vga: can't mkdir ${appdir}"
+ cp "${dl_path}" "${appdir}" || \
+ err "extract_e6400vga: can't copy vendor update"
+
+ [ "${e6400_vga_offset}" = "" ] && \
+ err "extract_e6400vga: E6400 VGA offset not defined"
+ [ "${e6400_vga_romname}" = "" ] && \
+ err "extract_e6400vga: E6400 VGA ROM name not defined"
(
- cd "${appdir}"
- tail -c +${e6400_vga_offset} "${dl_path##*/}" \
- | gunzip > bios.bin
+ cd "${appdir}" || \
+ err "extract_e6400vga: can't cd ${appdir}"
+ tail -c +${e6400_vga_offset} "${dl_path##*/}" | gunzip > bios.bin || \
+ err "extract_e6400vga: can't gunzip > bios.bin"
+
[ -f "bios.bin" ] || \
- err "Could not extract bios.bin from Dell E6400 update"
+ err "extract_e6400vga: can't extract bios.bin from update"
"${e6400_unpack}" bios.bin || printf "TODO: fix dell extract util\n"
[ -f "${e6400_vga_romname}" ] || \
- err "Could not extract VGA ROM from Dell E6400 BIOS update"
+ err "extract_e6400vga: can't extract vga rom from bios.bin"
)
- cp "${appdir}"/"${e6400_vga_romname}" "${_vga_destination}"
+ cp "${appdir}"/"${e6400_vga_romname}" "${_vga_destination}" || \
+ err "extract_e6400vga: can't copy vga rom to ${_vga_destination}"
printf "E6400 Nvidia ROM saved to: %s\n" "${_vga_destination}"
}
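Review bot: In the subshell of extract_e6400vga, the new `|| err` after `tail -c +${e6400_vga_offset} "${dl_path##*/}" | gunzip > bios.bin` makes any non-zero gunzip status fatal, and gzip documents exit status 2 for warnings. Input carved out of the middle of a vendor update may carry data after the compressed stream, so this should be confirmed against a real E6400 update. The `[ -f "bios.bin" ]` test that follows cannot fail, because the redirection creates bios.bin even when gunzip writes nothing; `[ -s bios.bin ] || err "extract_e6400vga: bios.bin is empty"` checks what was intended. In the same hunk, `[ ! -d "${appdir}" ] || rm -Rf ${appdir}` quotes the path in the test but not in the rm.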
@@ -398,16 +421,18 @@ extract_sch5545ec()
_sch5545ec_destination=${CONFIG_SMSC_SCH5545_EC_FW_FILE#../../}
if [ -f "${_sch5545ec_destination}" ]; then
- printf 'sch5545 firmware already downloaded\n'
+ printf "sch5545 firmware already downloaded\n" 1>&2
return 0
fi
- [ -d "${appdir}" ] rm -Rf "${appdir}"
+ [ ! -d "${appdir}" ] || rm -Rf "${appdir}" || \
+ err "extract_sch5545ec: can't remove ${appdir}"
- mkdir -p "${appdir}/"
- cp "${dl_path}" "${appdir}/"
+ mkdir -p "${appdir}/" || err "extract_sch5545ec: !mkdir ${appdir}"
+ cp "${dl_path}" "${appdir}/" || \
+ err "extract_sch5545ec: can't copy vendor update file"
python "${pfs_extract}" "${appdir}/${dlsum}" -e || \
- err "cannot extract archive (dell, sch5545)"
+ err "extract_sch5545ec: can't extract from vendor update"
# full system ROM (UEFI), to extract with UEFIExtract:
_bios="${appdir}/${dlsum}_extracted/Firmware"
@@ -419,15 +444,16 @@ extract_sch5545ec()
_sch5545ec_fw="${_sch5545ec_fw}/0 Raw section/body.bin" # <-- this!
# this makes the file defined by _sch5545ec_fw available to copy
- "${uefiextract}" "${_bios}" || err "cannot extract dell uefi image"
+ "${uefiextract}" "${_bios}" || \
+ err "extract_sch5545ec: cannot extract from uefi image"
cp "${_sch5545ec_fw}" "${_sch5545ec_destination}" || \
- err "cannot copy sch5545ec firmware file"
+ err "extract_sch5545ec: cannot copy sch5545ec firmware file"
}
fetch_update()
{
- printf "Fetching vendor update for board: %s\n" ${board}
+ printf "Fetching vendor update for board: %s\n" "${board}"
fw_type="${1}"
dl=""
@@ -450,39 +476,38 @@ fetch_update()
dl_bkup="${sch5545ec_dl_url_bkup}"
dlsum="${sch5545ec_dl_hash}"
else
- printf "Unsupported download type: %s\n" ${fw_type}
- return 1
+ err "fetch_update: Unsupported download type: ${fw_type}"
fi
- if [ -z "${dl_url+x}" ] && [ "${fw_type}" != "e6400vga" ]; then
- printf "No vendor update specified for board: %s\n" ${board}
- return 1
- fi
+ [ -z "${dl_url+x}" ] && [ "${fw_type}" != "e6400vga" ] && \
+ err "fetch_update ${fw_type}: dl_url unspecified for: ${board}"
dl_path=${blobdir}/cache/${dlsum}
- mkdir -p ${blobdir}/cache
+ mkdir -p ${blobdir}/cache || err "fetch_update: !mkdir ${blobdir}/cache"
dl_fail="y"
vendor_checksum ${dlsum} && dl_fail="n"
for x in "${dl}" "${dl_bkup}"; do
[ "${dl_fail}" = "n" ] && break
- rm -f "${dl_path}"
- wget -U "${agent}" ${x} -O ${dl_path}
+ [ -z "${x}" ] && continue
+ rm -f "${dl_path}" || \
+ err "fetch_update ${fw_type}: !rm -f ${dl_path}"
+ wget -U "${agent}" ${x} -O ${dl_path} || continue
vendor_checksum ${dlsum} && dl_fail="n"
done
if [ "${dl_fail}" = "y" ]; then
- printf "Could not download blob file\n" 1>&2
- return 1
+ printf "ERROR: invalid vendor updates for: %s\n" "${board}" 1>&2
+ err "fetch_update ${fw_type}: matched vendor update unavailable"
fi
}
vendor_checksum()
{
if [ ! -f "${dl_path}" ]; then
- printf "Vendor update not found on disk for: %s\n" ${board}
+ printf "Vendor update not found on disk for: %s\n" ${board} 1>&2
return 1
elif [ "$(sha1sum ${dl_path} | awk '{print $1}')" != "${1}" ]; then
- printf "Bad checksum on vendor update for: %s\n" ${board}
+ printf "Bad checksum on vendor update for: %s\n" ${board} 1>&2
return 1
fi
}
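Review bot: vendor_checksum still runs `sha1sum ${dl_path}` with the path unquoted, and fetch_update passes `${x}` and `${dl_path}` to wget unquoted, so a path or URL containing whitespace or glob characters is split before the hash gate runs; use `wget -U "${agent}" "${x}" -O "${dl_path}"` and `sha1sum "${dl_path}"`. SHA-1 is the only integrity check on vendor firmware fetched over the network here, which deserves a comment in the file and, as a follow-up outside this hunk, a move of the `*_dl_hash` values to SHA-256 or SHA-512. The guard `[ -z "${dl_url+x}" ]` tests `dl_url` rather than the `dl` chosen above; that may be intentional, but it is worth confirming that it validates the URL for the selected `fw_type`.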
diff --git a/resources/scripts/update/blobs/extract b/resources/scripts/update/blobs/extract
index d7a68bf3..b6b3af3b 100755
--- a/resources/scripts/update/blobs/extract
+++ b/resources/scripts/update/blobs/extract
@@ -44,22 +44,27 @@ main()
check_board()
{
- [ -f "${vendor_rom}" ] || \
- err "file does not exist: ${vendor_rom}"
- [ -d "${boarddir}" ] || \
- err "build/roms ${board}: target not defined"
- [ -f "${boarddir}/target.cfg" ] || \
- err "build/roms ${board}: missing target.cfg"
+ if [ ! -f "${vendor_rom}" ]; then
+ err "check_board: ${board}: file does not exist: ${vendor_rom}"
+ elif [ ! -d "${boarddir}" ]; then
+ err "check_board: ${board}: target not defined"
+ elif [ ! -f "${boarddir}/target.cfg" ]; then
+ err "check_board: ${board}: missing target.cfg"
+ fi
}
build_dependencies()
{
- [ -d me_cleaner ] || \
- ./fetch me_cleaner || err "can't fetch me_cleaner"
- [ -d ${cbdir} ] || \
- ./fetch_trees coreboot default || err "can't fetch coreboot"
- [ -f ${ifdtool} ] || \
- make -C "${ifdtool%/ifdtool}" || err "can't build ifdtool"
+ if [ ! -d me_cleaner ]; then
+ ./fetch me_cleaner || \
+ err "build_dependencies: can't fetch me_cleaner"
+ elif [ ! -d "${cbdir}" ]; then
+ ./fetch_trees coreboot default || \
+ err "build_dependencies: can't fetch coreboot"
+ elif [ ! -f "${ifdtool}" ]; then
+ make -C "${ifdtool%/ifdtool}" || \
+ err "build_dependencies: can't build ifdtool"
+ fi
}
extract_blobs()
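Review bot: Rewriting build_dependencies as a single `if`/`elif` chain changes behaviour: the three checks were independent before, and now only the first missing item is handled, so a tree without me_cleaner fetches it and then skips both the coreboot fetch and the ifdtool build. Replace each `elif` with `fi` followed by a fresh `if`, for example `fi` then `if [ ! -d "${cbdir}" ]; then`. The chain in check_board above is fine as long as err exits, because there the first failure is meant to stop the run.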
@@ -67,11 +72,11 @@ extract_blobs()
printf "extracting blobs for %s from %s\n" ${board} ${vendor_rom}
set -- "${boarddir}/config/"*
- . ${1} 2>/dev/null
+ . "${1}"
. "${boarddir}/target.cfg"
[ "$CONFIG_HAVE_MRC" != "y" ] || \
- ./update blobs mrc || err "could not download mrc"
+ ./update blobs mrc || err "extract_blobs: can't fetch mrc"
_me_destination=${CONFIG_ME_BIN_PATH#../../}
_gbe_destination=${CONFIG_GBE_BIN_PATH#../../}
@@ -81,11 +86,11 @@ extract_blobs()
extract_blob_intel_gbe_nvm
# Cleans up other files extracted with ifdtool
- rm -f flashregion*.bin 2> /dev/null
+ rm -f flashregion*.bin || err "extract_blobs: !rm -f flashregion*.bin"
- [ -f ${_ifd_destination} ] || err "Could not extract IFD"
+ [ -f ${_ifd_destination} ] || err "extract_blobs: Could not extract IFD"
printf "gbe, ifd, and me extracted to %s\n" \
- ${_me_destination%/*}
+ "${_me_destination%/*}"
}
extract_blob_intel_me()
@@ -96,15 +101,16 @@ extract_blob_intel_me()
-M ${_me_destination} ${vendor_rom} -t -r -S || \
${me7updateparser} \
-O ${_me_destination} ${vendor_rom} || \
- err "me_cleaner failed to extract blobs from rom"
+ err "extract_blob_intel_me: cannot extract from vendor rom"
}
extract_blob_intel_gbe_nvm()
{
printf "extracting gigabit ethernet firmware"
- ./${ifdtool} -x ${vendor_rom}
+ ./${ifdtool} -x ${vendor_rom} || \
+ err "extract_blob_intel_gbe_nvm: cannot extract gbe.bin from rom"
mv flashregion*gbe.bin ${_gbe_destination} || \
- err 'could not extract gbe'
+ err "extract_blob_intel_gbe_nvm: cannot move gbe.bin"
}
print_help()
diff --git a/resources/scripts/update/blobs/inject b/resources/scripts/update/blobs/inject
index a6f6c007..4ab0c366 100755
--- a/resources/scripts/update/blobs/inject
+++ b/resources/scripts/update/blobs/inject
@@ -67,27 +67,28 @@ main()
printf "Friendly reminder (this is *not* an error message):\n"
printf "Please always ensure that the files were inserted correctly.\n"
- printf "Read https://libreboot.org/docs/install/ivy_has_common.html\n"
+ printf "Read: https://libreboot.org/docs/install/ivy_has_common.html\n"
}
check_board()
{
if ! check_release ${archive} ; then
[ -f "${rom}" ] || \
- err "\"${rom}\" is not a valid path"
+ err "check_board: \"${rom}\" is not a valid path"
[ -z ${rom+x} ] && \
- err "no rom specified"
+ err "check_board: no rom specified"
[ ! -z ${board+x} ] || \
- board=$(detect_board ${rom}) || \
- err "no board specified"
+ board=$(detect_board "${rom}")
else
release=true
releasearchive="${archive}"
- board=$(detect_board ${archive})
+ board=$(detect_board "${archive}")
fi
boarddir="${cbcfgsdir}/${board}"
- [ -d "${boarddir}" ] || err "board ${board} not found"
+ if [ ! -d "${boarddir}" ]; then
+ err "check_board: board ${board} not found"
+ fi
}
check_release()
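Review bot: A failed or empty `detect_board` result is no longer reported in check_board: `board=$(detect_board "${rom}")` lost its `|| err "no board specified"`, and with an empty board `boarddir` becomes `${cbcfgsdir}/`, which passes the `[ ! -d "${boarddir}" ]` test whenever the configs directory itself exists. Adding `[ -n "${board}" ] || err "check_board: no board detected"` before the `boarddir=` assignment covers both branches of the if. Separately, `[ -f "${rom}" ]` runs before `[ -z ${rom+x} ]`, so the "no rom specified" message appears unreachable; swapping the two tests fixes that.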
@@ -122,18 +123,20 @@ detect_board()
build_dependencies()
{
[ -d "${cbdir}" ] || ./fetch_trees coreboot default
- ./build coreboot utils default || err "could not build cbutils"
+ ./build coreboot utils default || \
+ err "build_dependencies: could not build cbutils"
./update blobs download ${board} || \
- err "Could not download blobs for ${board}"
+ err "build_dependencies: Could not download blobs for ${board}"
}
inject_blobs()
{
if [ "${release}" = "true" ]; then
- echo 'patching release file'
+ printf "patching release file\n"
patch_release_roms
else
- patch_rom ${rom}
+ patch_rom "${rom}" || \
+ err "inject_blobs: could not patch ${x}"
fi
}
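Review bot: The new error string in inject_blobs, `err "inject_blobs: could not patch ${x}"`, refers to `x`, which is not assigned in this function; it is the loop variable of patch_release_roms. Use `err "inject_blobs: could not patch ${rom}"`. Calling `patch_rom "${rom}" || ...` also means that, if the script runs under `set -e` (not visible on this page), errexit is suppressed inside patch_rom for this call, so each failure in it needs its own explicit check.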
@@ -141,17 +144,17 @@ patch_release_roms()
{
_tmpdir=$(mktemp -d "/tmp/${board}_tmpXXXX")
tar xf "${releasearchive}" -C "${_tmpdir}" || \
- err 'could not extract release archive'
+ err "patch_release_roms: could not extract release archive"
for x in ${_tmpdir}/bin/*/*.rom ; do
echo "patching rom $x"
- patch_rom ${x} || err "could not patch ${x}"
+ patch_rom ${x} || err "patch_release_roms: could not patch ${x}"
done
(
cd ${_tmpdir}/bin/*
sha1sum --status -c blobhashes || \
- err 'ROMs did not match expected hashes'
+ err "patch_release_roms: ROMs did not match expected hashes"
)
if [ "${modifygbe}" = "true" ]; then
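Review bot: The hash verification in patch_release_roms runs after an unchecked `cd ${_tmpdir}/bin/*` inside a subshell, so if the cd fails, `sha1sum --status -c blobhashes` looks for blobhashes in the caller's directory instead of the extracted release. An `err` raised inside the parentheses also ends only the subshell unless `set -e` or err itself handles that, and neither is visible here. Check the cd with `cd "${_tmpdir}"/bin/* || err "patch_release_roms: !cd ${_tmpdir}/bin"` and test the subshell's status by closing it with `) || err "patch_release_roms: hash check failed"`. `_tmpdir=$(mktemp -d "/tmp/${board}_tmpXXXX")` is likewise unchecked, and the function continues past the end of this hunk.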
@@ -160,19 +163,31 @@ patch_release_roms()
done
fi
- [ -d bin/release ] || mkdir -p bin/release
- mv ${_tmpdir}/bin/* bin/release/ && \
- printf '%s\n' 'Success! Your ROMs are in bin/release'
+ [ -d bin/release ] || mkdir -p bin/release || \
+ err "patch_release_roms: !mkdir -p bin/release"
+ mv "${_tmpdir}"/bin/* bin/release/ || \
+ err "patch_release_roms: !mv ${_tmpdir}/bin/* bin/release/"
+
+ printf "Success! Your ROMs are in bin/release\n"
- rm -r "${_tmpdir}"
+ rm -Rf "${_tmpdir}" || err "patch_release_roms: !rm -Rf ${_tmpdir}"
}
patch_rom()
{
rom="${1}"
+ no_config="printf \"No configs on target, %s\\n\" ${board} 1>&2; exit 1"
+ for x in "${boarddir}"/config/*; do
+ [ -f "${x}" ] && no_config=""
+ done
+ eval "${no_config}"
+
+ [ -f "${boarddir}/target.cfg" ] || \
+ err "patch_rom: file missing: ${boarddir}/target.cfg"
+
set -- "${boarddir}/config/"*
- . ${1} 2>/dev/null
+ . "${1}"
. "${boarddir}/target.cfg"
[ "$CONFIG_HAVE_MRC" = "y" ] && \
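Review bot: The `no_config` block added to patch_rom builds a command string with `${board}` expanded unquoted and runs it through `eval`, so a board name containing shell metacharacters would be parsed as shell syntax; in this script `board` can be derived by `detect_board` from a ROM or archive name. A flag variable gives the same result without eval, as shown below, and `main` in blobs/download carries the same pattern on its context lines. The original exits with status 1 directly, so confirm that err does the same. patch_rom continues past this hunk.

```shell
	rom="${1}"
	has_config="n"
	for x in "${boarddir}"/config/*; do
		[ -f "${x}" ] && has_config="y"
	done
	[ "${has_config}" = "y" ] || \
		err "patch_rom: no configs on target, ${board}"
	# … unchanged: target.cfg check and sourcing of the config files …
```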
@@ -189,6 +204,8 @@ patch_rom()
inject_blob_smsc_sch5545_ec "${rom}"
[ "${modifygbe}" = "true" ] && ! [ "${release}" = "true" ] && \
modify_gbe ${rom}
+
+ printf "ROM image successfully patched: %s\n" "${rom}"
}
inject_blob_intel_mrc()
@@ -216,7 +233,7 @@ inject_blob_intel_mrc()
# TODO: this logic should be tweaked to handle more platforms
${cbfstool} ${rom} add -f mrc/haswell/mrc.bin -n mrc.bin -t mrc \
- -b 0xfffa0000 || err "cannot insert mrc.bin"
+ -b 0xfffa0000 || err "inject_blob_intel_mrc: cannot insert mrc.bin"
}
inject_blob_intel_me()
@@ -225,14 +242,14 @@ inject_blob_intel_me()
rom="${1}"
[ -z ${CONFIG_ME_BIN_PATH} ] && \
- err "CONFIG_ME_BIN_PATH not set"
+ err "inject_blob_intel_me: CONFIG_ME_BIN_PATH not set"
_me_location=${CONFIG_ME_BIN_PATH#../../}
[ ! -f "${_me_location}" ] && \
- err "CONFIG_ME_BIN_PATH points to missing file"
+ err "inject_blob_intel_me: per CONFIG_ME_BIN_PATH: file missing"
${ifdtool} -i me:${_me_location} ${rom} -O ${rom} || \
- err "cannot insert me.bin"
+ err "inject_blob_intel_me: cannot insert me.bin"
}
inject_blob_hp_kbc1126_ec()
@@ -247,19 +264,21 @@ inject_blob_hp_kbc1126_ec()
printf "adding hp kbc1126 ec firmware\n"
if [ "${_ec1_offset}" = "" ] || [ "${_ec1_offset}" = "" ]; then
- err "EC offsets not declared for board, ${board}"
+ err "inject_blob_hp_kbc1126_ec: ${board}: offset not declared"
fi
if [ "${_ec1_location}" = "" ] || [ "${_ec2_location}" = "" ]; then
- err "EC firmware path not declared for board, ${board}"
+ err "inject_blob_hp_kbc1126_ec: ${board}: EC path not declared"
fi
if [ ! -f "${_ec1_location}" ] || [ ! -f "${_ec2_location}" ]; then
- err "EC firmware not downloaded for board: ${board}"
+ err "inject_blob_hp_kbc1126_ec: ${board}: ecfw not downloaded"
fi
${cbfstool} "${rom}" add -f ${_ec1_location} -n ecfw1.bin \
- -b ${_ec1_offset} -t raw || err "cannot insert ecfw1.bin"
+ -b ${_ec1_offset} -t raw || \
+ err "inject_blob_hp_kbc1126_ec: cannot insert ecfw1.bin"
${cbfstool} "${rom}" add -f ${_ec2_location} -n ecfw2.bin \
- -b ${_ec2_offset} -t raw || err "cannot insert ecfw2.bin"
+ -b ${_ec2_offset} -t raw || \
+ err "inject_blob_hp_kbc1126_ec: cannot insert ecfw2.bin"
}
inject_blob_dell_e6400_vgarom_nvidia()
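Review bot: The offset guard in inject_blob_hp_kbc1126_ec tests `_ec1_offset` twice, `[ "${_ec1_offset}" = "" ] || [ "${_ec1_offset}" = "" ]`, so an empty `_ec2_offset` is not caught and reaches `-b ${_ec2_offset}` in the second cbfstool call. The second operand should be `[ "${_ec2_offset}" = "" ]`. The line is unchanged context in this hunk, but the commit rewrote the message directly below it. Quoting `${_ec1_location}`, `${_ec2_location}` and the offsets in the cbfstool calls would match the already quoted `"${rom}"`.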
@@ -273,15 +292,15 @@ inject_blob_dell_e6400_vgarom_nvidia()
printf "adding pci option rom\n"
if [ "${_vga_dir}" != "${pciromsdir}" ]; then
- err "Invalid PCI ROM directory, ${_vga_dir}"
+ err "inject_blob_dell_e6400vga: invalid pcirom dir: ${_vga_dir}"
fi
if [ ! -f "${_vga_location}" ]; then
- err "No such file exists, ${_vga_location}"
+ err "inject_blob_dell_e6400vga: ${_vga_location} doesn't exist"
fi
${cbfstool} ${rom} add -f "${_vga_location}" \
-n "pci${CONFIG_VGA_BIOS_ID}.rom" -t optionrom || \
- err "cannot insert e6400 nvidia rom"
+ err "inject_blob_dell_e6400vga: cannot insert vga oprom"
}
inject_blob_smsc_sch5545_ec()
@@ -291,11 +310,12 @@ inject_blob_smsc_sch5545_ec()
_sch5545ec_location="${CONFIG_SMSC_SCH5545_EC_FW_FILE#../../}"
if [ ! -f "${_sch5545ec_location}" ]; then
- err "SCH5545 firmware file missing"
+ err "inject_blob_smsc_sch5545_ec: SCH5545 fw missing"
fi
"${cbfstool}" "${rom}" add -f "${_sch5545ec_location}" \
- -n sch5545_ecfw.bin -t raw || err "cannot insert sch5545_ecfw.bin"
+ -n sch5545_ecfw.bin -t raw || \
+ err "inject_blob_smsc_sch5545_ec: can't insert sch5545_ecfw.bin"
}
modify_gbe()
@@ -305,22 +325,22 @@ modify_gbe()
rom=${1}
[ -z ${CONFIG_GBE_BIN_PATH} ] && \
- err "CONFIG_GBE_BIN_PATH not set"
+ err "modify_gbe: ${board}: CONFIG_GBE_BIN_PATH not set"
_gbe_location=${CONFIG_GBE_BIN_PATH#../../}
[ -f "${_gbe_location}" ] || \
- err "CONFIG_GBE_BIN_PATH points to missing file"
+ err "modify_gbe: CONFIG_GBE_BIN_PATH points to missing file"
[ -f ${nvmutil} ] || \
- make -C util/nvmutil || err 'failed to build nvmutil'
+ make -C util/nvmutil || err "modify_gbe: couldn't build nvmutil"
_gbe_tmp=$(mktemp -t gbeXXXX.bin)
cp ${_gbe_location} ${_gbe_tmp}
- ${nvmutil} "${_gbe_tmp}" setmac ${new_mac} || \
- err 'failed to modify mac address'
+ ${nvmutil} "${_gbe_tmp}" setmac "${new_mac}" || \
+ err "modify_gbe: ${board}: failed to modify mac address"
${ifdtool} -i GbE:${_gbe_tmp} "${rom}" -O "${rom}" || \
- err "cannot insert modified gbe.bin"
+ err "modify_gbe: ${board}: cannot insert modified gbe.bin"
rm -f ${_gbe_tmp}
}
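Review bot: In modify_gbe, `_gbe_tmp=$(mktemp -t gbeXXXX.bin)` and `cp ${_gbe_location} ${_gbe_tmp}` are still unchecked, so a failed copy lets nvmutil run against the empty file mktemp created. Add `cp "${_gbe_location}" "${_gbe_tmp}" || err "modify_gbe: can't copy gbe.bin"` and a matching check on the mktemp assignment. The temp file is also left behind on every err path, because `rm -f ${_gbe_tmp}` is reached only on success.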
diff --git a/resources/scripts/update/blobs/mrc b/resources/scripts/update/blobs/mrc
index 57cbede6..74899990 100755
--- a/resources/scripts/update/blobs/mrc
+++ b/resources/scripts/update/blobs/mrc
@@ -72,23 +72,23 @@ check_existing()
build_dependencies()
{
[ -d "${cbdir}/" ] || ./fetch_trees coreboot default || \
- err "cannot fetch coreboot/default"
+ err "build_dependencies: cannot fetch coreboot/default"
./build coreboot utils default || \
- err "cannot build cbutils/default"
+ err "build_dependencies: cannot build cbutils/default"
}
fetch_mrc()
{
- mkdir -p mrc/haswell/ || err "cannot mkdir mrc/haswell"
+ mkdir -p mrc/haswell/ || err "fetch_mrc: !mkdir mrc/haswell"
(
- cd mrc/haswell/
+ cd mrc/haswell/ || err "fetch_mrc: !cd mrc/haswell"
download_image ${_url} ${_file} ${_sha1sum}
[ -f ${_file} ] || \
download_image ${_url2} ${_file} ${_sha1sum}
[ -f $_file ] || \
- err "%{_file} not downloaded / verification failed."
+ err "fetch_mrc: ${_file} not downloaded / verification failed."
extract_partition ROOT-A ${_file} root-a.ext2
extract_shellball root-a.ext2 chromeos-firmwareupdate-${_board}
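Review bot: The backup download in fetch_mrc, `[ -f ${_file} ] || download_image ${_url2} ${_file} ${_sha1sum}`, looks unreachable: download_image ends in `err` on a bad checksum and, with this commit, also on a curl failure, so if err exits (its definition is not on this page) the subshell terminates during the first call. Either let download_image `return 1` on those paths and call err only after both URLs have been tried, or drop the second call. The body of fetch_mrc continues past this hunk.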
@@ -96,9 +96,9 @@ fetch_mrc()
extract_coreboot chromeos-firmwareupdate-${_board}
../../${cbfstool} coreboot-*.bin extract -f mrc.bin -n mrc.bin \
- -r RO_SECTION || err "Could not fetch mrc.bin"
+ -r RO_SECTION || err "fetch_mrc: could not fetch mrc.bin"
rm -f "chromeos-firmwareupdate-${_board}" coreboot-*.bin \
- "${_file}" "root-a.ext2"
+ "${_file}" "root-a.ext2" || err "fetch_mrc: cannot remove files"
printf "\n\nmrc.bin saved to ${_mrc_complete}\n\n"
)
@@ -111,16 +111,16 @@ download_image()
_sha1sum=${3}
printf "Downloading recovery image\n"
- curl "$url" > "$_file.zip"
+ curl "$url" > "$_file.zip" || err "download_image: curl failed"
printf "Verifying recovery image checksum\n"
if [ "$(sha1sum ${_file}.zip | awk '{print $1}')" = "${_sha1sum}" ]
then
- unzip -q "${_file}.zip"
- rm "${_file}.zip"
+ unzip -q "${_file}.zip" || err "download_image: cannot unzip"
+ rm -f "${_file}.zip" || err "download_image: can't rm zip {1}"
return 0
fi
- rm "${_file}.zip"
- err "Bad checksum. Recovery image deleted"
+ rm -f "${_file}.zip" || err "download_image: bad hash, and can't rm zip"
+ err "download_image: Bad checksum. Recovery image deleted"
}
extract_partition()
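Review bot: The message in `rm -f "${_file}.zip" || err "download_image: can't rm zip {1}"` prints the literal text `{1}`; a `$` seems to be missing, and `${_file}.zip` would name the file actually being removed. `sha1sum ${_file}.zip` in the comparison is unquoted while every other use of that path in the function is quoted; `"$(sha1sum "${_file}.zip" | awk '{print $1}')"` keeps them consistent. curl runs without `--fail`, so an HTTP error page is saved as the zip and rejected only later by the checksum, in which case the "curl failed" message will not be the one the user sees.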
@@ -138,7 +138,8 @@ extract_partition()
SIZE=$(( $( echo ${ROOTP} | cut -f4 -d\ | tr -d "B" ) ))
dd if=${FILE} of=${ROOTFS} bs=${_bs} skip=$(( ${START} / ${_bs} )) \
- count=$(( ${SIZE} / ${_bs} )) > /dev/null
+ count=$(( ${SIZE} / ${_bs} )) || \
+ err "extract_partition: can't extract root file system"
}
extract_shellball()
@@ -148,7 +149,7 @@ extract_shellball()
printf "Extracting chromeos-firmwareupdate\n"
printf "cd /usr/sbin\ndump chromeos-firmwareupdate ${SHELLBALL}\nquit" \
- | debugfs ${ROOTFS} > /dev/null 2>&1
+ | debugfs ${ROOTFS} || err "extract_shellball: debugfs"
}
extract_coreboot()
@@ -157,13 +158,27 @@ extract_coreboot()
_unpacked=$( mktemp -d )
printf "Extracting coreboot image\n"
- sh ${_shellball} --unpack ${_unpacked} > /dev/null
+
+ [ -f "${_shellball}" ] || \
+ err "extract_coreboot: shellball missing in google peppy image"
+
+ sh ${_shellball} --unpack ${_unpacked} || \
+ err "extract_coreboot: shellball exits with non-zero status"
+
+ # TODO: audit the f* out of that shellball, for each mrc version.
+ # it has to be updated for each mrc update. we should ideally
+ # implement the functionality ourselves.
+
+ [ -f "${_unpacked}/VERSION" ] || \
+ err "extract_coreboot: VERSION file missing on google coreboot rom"
_version=$( cat ${_unpacked}/VERSION | grep BIOS\ version: | \
cut -f2 -d: | tr -d \ )
- cp ${_unpacked}/bios.bin coreboot-${_version}.bin
- rm -r "${_unpacked}"
+ cp ${_unpacked}/bios.bin coreboot-${_version}.bin || \
+ err "extract_coreboot: cannot copy google peppy rom"
+ rm -Rf "${_unpacked}" || \
+ err "extract_coreboot: cannot remove extracted google peppy archive"
}
main $@