move resources/scripts/ to script/

Signed-off-by: Leah Rowe <leah@libreboot.org>

1 files changed, 184 insertions, 0 deletions

diff --git a/script/update/blobs/mrc b/script/update/blobs/mrc
new file mode 100755
index 00000000..c069e678
--- /dev/null
+++ b/script/update/blobs/mrc
@@ -0,0 +1,184 @@
+#!/usr/bin/env sh
+
+# Download Intel MRC images
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, version 2 of the License.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+[ "x${DEBUG+set}" = 'xset' ] && set -v
+set -u -e
+
+. "include/err.sh"
+
+export PATH="${PATH}:/sbin"
+
+# This file is forked from util/chromeos/crosfirmware.sh in coreboot cfc26ce278
+# Changes to it in *this version* are copyright 2021 and 2023 Leah Rowe, under
+# the same license as above.
+
+# use updated manifest from wayback machine, when updating mrc.bin,
+# and update the other variables below accordingly. current manifest used:
+# https://web.archive.org/web/20210211071412/https://dl.google.com/dl/edgedl/chromeos/recovery/recovery.conf
+
+# the wayback machine is used so that we get the same manifest. google
+# does not seem to version the manifest, but archives are available
+
+# variables taken from that manifest:
+
+_board="peppy"
+_file="chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin"
+_url="https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin.zip"
+_url2="https://web.archive.org/web/20200516070928/https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin.zip"
+_sha1sum="cd5917cbe7f821ad769bf0fd87046898f9e175c8"
+_mrc_complete_hash="d18de1e3d52c0815b82ea406ca07897c56c65696"
+_mrc_complete="mrc/haswell/mrc.bin"
+
+cbdir="coreboot/default"
+cbfstool="cbutils/default/cbfstool"
+
+sname=""
+
+main()
+{
+	sname=${0}
+	printf "Downloading Intel MRC blobs\n"
+
+	check_existing || return 0
+	build_dependencies
+	fetch_mrc || err "could not fetch mrc.bin"
+}
+
+check_existing()
+{
+	[ -f "${_mrc_complete}" ] || \
+		return 0
+	printf 'found existing mrc.bin\n'
+	[ "$(sha1sum "${_mrc_complete}" | awk '{print $1}')" \
+	    = "${_mrc_complete_hash}" ] && \
+		return 1
+	printf 'hashes did not match, starting over\n'
+}
+
+build_dependencies()
+{
+	[ -d "${cbdir}/" ] || ./fetch_trees coreboot default || \
+	    err "build_dependencies: cannot fetch coreboot/default"
+	./build coreboot utils default || \
+	    err "build_dependencies: cannot build cbutils/default"
+}
+
+fetch_mrc()
+{
+	mkdir -p mrc/haswell/ || err "fetch_mrc: !mkdir mrc/haswell"
+
+	(
+	cd mrc/haswell/ || err "fetch_mrc: !cd mrc/haswell"
+
+	download_image "${_url}" "${_file}" "${_sha1sum}"
+	[ -f ${_file} ] || \
+		download_image "${_url2}" "${_file}" "${_sha1sum}"
+	[ -f $_file ] || \
+		err "fetch_mrc: ${_file} not downloaded / verification failed."
+
+	extract_partition ROOT-A "${_file}" root-a.ext2
+	extract_shellball root-a.ext2 chromeos-firmwareupdate-${_board}
+
+	extract_coreboot chromeos-firmwareupdate-${_board}
+
+	../../"${cbfstool}" coreboot-*.bin extract -f mrc.bin -n mrc.bin \
+	    -r RO_SECTION || err "fetch_mrc: could not fetch mrc.bin"
+	rm -f "chromeos-firmwareupdate-${_board}" coreboot-*.bin \
+	    "${_file}" "root-a.ext2" || err "fetch_mrc: cannot remove files"
+
+	printf "\n\nmrc.bin saved to ${_mrc_complete}\n\n"
+	)
+}
+
+download_image()
+{
+	url=${1}
+	_file=${2}
+	_sha1sum=${3}
+
+	printf "Downloading recovery image\n"
+	curl "$url" > "$_file.zip" || err "download_image: curl failed"
+	printf "Verifying recovery image checksum\n"
+	if [ "$(sha1sum "${_file}.zip" | awk '{print $1}')" = "${_sha1sum}" ]
+	then
+		unzip -q "${_file}.zip" || err "download_image: cannot unzip"
+		rm -f "${_file}.zip" || err "download_image: can't rm zip {1}"
+		return 0
+	fi
+	rm -f "${_file}.zip" || err "download_image: bad hash, and can't rm zip"
+	err "download_image: Bad checksum. Recovery image deleted"
+}
+
+extract_partition()
+{
+	NAME=${1}
+	FILE=${2}
+	ROOTFS=${3}
+	_bs=1024
+
+	printf "Extracting ROOT-A partition\n"
+	ROOTP=$( printf "unit\nB\nprint\nquit\n" | \
+	    parted "${FILE}" 2>/dev/null | grep "${NAME}" )
+
+	START=$(( $( echo ${ROOTP} | cut -f2 -d\ | tr -d "B" ) ))
+	SIZE=$(( $( echo ${ROOTP} | cut -f4 -d\ | tr -d "B" ) ))
+
+	dd if="${FILE}" of="${ROOTFS}" bs=${_bs} skip=$(( ${START} / ${_bs} )) \
+	    count=$(( ${SIZE} / ${_bs} )) || \
+	    err "extract_partition: can't extract root file system"
+}
+
+extract_shellball()
+{
+	ROOTFS=${1}
+	SHELLBALL=${2}
+
+	printf "Extracting chromeos-firmwareupdate\n"
+	printf "cd /usr/sbin\ndump chromeos-firmwareupdate ${SHELLBALL}\nquit" \
+	    | debugfs "${ROOTFS}" || err "extract_shellball: debugfs"
+}
+
+extract_coreboot()
+{
+	_shellball=${1}
+	_unpacked=$( mktemp -d )
+
+	printf "Extracting coreboot image\n"
+
+	[ -f "${_shellball}" ] || \
+	    err "extract_coreboot: shellball missing in google peppy image"
+
+	sh "${_shellball}" --unpack "${_unpacked}" || \
+	    err "extract_coreboot: shellball exits with non-zero status"
+
+	# TODO: audit the f* out of that shellball, for each mrc version.
+	# it has to be updated for each mrc update. we should ideally
+	# implement the functionality ourselves.
+
+	[ -f "${_unpacked}/VERSION" ] || \
+	    err "extract_coreboot: VERSION file missing on google coreboot rom"
+
+	_version=$( cat "${_unpacked}/VERSION" | grep BIOS\ version: | \
+	    cut -f2 -d: | tr -d \  )
+
+	cp "${_unpacked}/bios.bin" "coreboot-${_version}.bin" || \
+	    err "extract_coreboot: cannot copy google peppy rom"
+	rm -Rf "${_unpacked}" || \
+	    err "extract_coreboot: cannot remove extracted google peppy archive"
+}
+
+main $@