diff options
author | Leah Rowe <leah@libreboot.org> | 2024-06-14 14:01:42 +0100 |
---|---|---|
committer | Leah Rowe <leah@libreboot.org> | 2024-06-14 14:51:27 +0100 |
commit | a4328cb11f927c3cceb01dcaf4d7fc7632076119 (patch) | |
tree | 0ccea46a0bb4f9d667cded1a2316c1e6d59de22a /script/roms | |
parent | 167e1a0fbe6765aaa5f5d3dc682709aa3c31260b (diff) |
roms: remove dangerous runtime p/s/d options
p = payload
s = grub_scan_disk
d = displaymode
setting the payload is no longer safe, due to issue 216
and similar issues that might pop up in the future; it's
best left only to target.cfg, per board, so that we know
what config is safe/tested. don't let the user override it.
scandisk isn't safe to override because the given machine
may not have the type of device that the user specifies
displaymode is actually ok to set, because it simply whitelists
what configs pre-existing to actually use, but it's bloat
basically, the rule is this:
don't make it easy for the user to brick their hardware.
make it harder instead.
a user wily enough to go modifying their payload will probably
have read docs/maintain/ anyway and knows how to edit target.cfg
if they want another board configuration.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'script/roms')
-rwxr-xr-x | script/roms | 20 |
1 files changed, 5 insertions, 15 deletions
diff --git a/script/roms b/script/roms index 3890eddc..caa37a55 100755 --- a/script/roms +++ b/script/roms @@ -24,15 +24,14 @@ pv="$pv payload_seabios_withgrub payload_seabios_grubonly payload_grub mt86bin" v="romdir cbrom initmode displaymode cbcfg targetdir tree keymaps release" v="$v grub_timeout ubdir board grub_scan_disk uboot_config grubtree grubelf" eval "$(setvars "n" $pv)" -eval "$(setvars "" $v boards opt_d opt_p opt_k targets serprog_boards_dir opt_s)" +eval "$(setvars "" $v boards opt_k targets serprog_boards_dir)" main() { while [ $# -gt 0 ]; do - if [ "$1" = "-d" ] || [ "$1" = "-p" ] || [ "$1" = "-k" ] || \ - [ "$1" = "-s" ]; then + if [ "$1" = "-k" ]; then [ $# -lt 2 ] && $err "$1: option not specified" - eval "opt_$1=\"$2\""; shift 2 + opt_k="$2" elif [ "$1" = "serprog" ]; then shift 1; handle_serprog $@; return 0 elif [ "$1" = "list" ]; then @@ -145,7 +144,6 @@ configure_target() # Override the above defaults using target.cfg . "$targetdir/target.cfg" - [ -n "$opt_s" ] && grub_scan_disk="$opt_s" [ -z "$grub_scan_disk" ] && grub_scan_disk="nvme ahci ata" eval "$(setvars "" _ata _ahci _nvme _grub_scan_disk)" @@ -188,14 +186,7 @@ configure_target() [ "$payload_uboot" != "n" ] && [ "$payload_uboot" != "y" ] && \ payload_uboot="n" [ "$payload_uboot" = "y" ] && [ -z "$uboot_config" ] && \ - uboot_config="default" - - # Override all payload directives with cmdline args - [ -z "$opt_p" ] && return 0 - eval "$(setvars "n" payload_grub payload_memtest payload_seabios \ - payload_seabios_withgrub payload_uboot payload_grub_withseabios \ - payload_seabios_grubonly)" - eval "payload_$opt_p=y" + uboot_config="default"; return 0 } build_payloads() @@ -250,7 +241,6 @@ build_target_mainboard() hmode="vesafb" [ "$initmode" = "vgarom" ] || hmode="corebootfb" modes="$hmode txtmode" - [ -z "$opt_d" ] || modes="$opt_d" for y in $modes; do displaymode="$y" [ "$initmode" = "normal" ] && \ @@ -336,7 +326,7 @@ build_grub_roms() tmpcfg="$(mktemp -t coreboot_rom.XXXXXXXXXX)" printf "set grub_scan_disk=\"%s\"\n" "$grub_scan_disk" > "$tmpcfg" || \ - $err "set grubopt_s, $grub_scan_disk, $tmpcfg" + $err "set grub_scan_disk, $grub_scan_disk, $tmpcfg" x_ "$cbfstool" "$tmprom" add -f "$tmpcfg" -n scan.cfg -t raw printf "set timeout=%s\n" "$grub_timeout" > "$tmpcfg" || \ $err "set timeout, $grub_timeout, $tmpcfg" |