diff options
| author | Leah Rowe <leah@libreboot.org> | 2023-12-23 06:54:56 +0000 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2023-12-23 06:59:48 +0000 |
| commit | f44b99c808ed834dceea1109c34a2f587bb46a06 (patch) | |
| tree | 414a31aeffb179a1f5d6ddfbe51593234bd5b061 /script/update/release | |
| parent | 72cd169ee5ddc435a7742d7a05be1f59756a3aae (diff) | |
don't delete microcode updates in rom images
at present, lbmk can remove microcode updates on images for
a given target, if the target specifies
microcode_required="n" in target.cfg
lbmk then provides images with microcode, and images without,
in a given release. although the user can also remove them
manually, this just makes it a bit more convenient, for those
users who do wish to run without the updates. this functionality
is provided only on those platforms where no-microcode is tested.
well, this behaviour implements a compromise on libreboot policy,
which is to always include microcode updates by default. see:
Binary Blob Reduction Policy
the *canoeboot* project now exists, developed in parallel with
libreboot, and it ships without microcode updates, on the same
targets where lbmk also handled this.
running without microcode updates is foolish, and should not
be encouraged. clean up lbmk by not providing this kludge.
the libreboot documentation will be updated, telling such users
to try canoeboot instead, or to remove the update from a given
libreboot rom - this is still possible, and mitigations such as
PECI disablement on GM45 are still in place (and will be kept),
so that this continues to work well.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'script/update/release')
| -rwxr-xr-x | script/update/release | 31 |
1 files changed, 1 insertions, 30 deletions
diff --git a/script/update/release b/script/update/release index b9128328..76de4ede 100755 --- a/script/update/release +++ b/script/update/release @@ -7,8 +7,7 @@ set -u -e . "include/err.sh" . "include/option.sh" -eval "$(setvars "" vdir relname src_dirname srcdir _xm target romdir \ - microcode_required mode)" +eval "$(setvars "" vdir relname src_dirname srcdir _xm target romdir mode)" main() { @@ -133,21 +132,7 @@ handle_rom_archive() nukerom() { - microcode_required="y" . "config/coreboot/${target}/target.cfg" - if [ "${microcode_required}" != "y" ] && \ - [ "${microcode_required}" != "n" ]; then microcode_required="y"; fi - if [ "${microcode_required}" = "n" ]; then - for romfile in "${romdir}"/*.rom; do - [ -f "${romfile}" ] || continue - strip_ucode "${romfile}" - done - for romfile in "${romdir}"/*.tmprom; do - [ -f "${romfile}" ] || continue - mv "${romfile}" "${romfile%.tmprom}.rom" || \ - err "!mv romfile, nukerom" - done - fi # Hash the images before removing vendor files # which "./vendor inject" uses for verification @@ -165,20 +150,6 @@ nukerom() done } -strip_ucode() -{ - romfile=${1} - _newrom_b="${romfile%.rom}_nomicrocode.tmprom" - cp "${romfile}" "${_newrom_b}" || err "!cp romfile ${romfile}, strip_u" - microcode_present="y" - "${cbfstool}" "${_newrom_b}" remove -n \ - cpu_microcode_blob.bin 2>/dev/null || microcode_present="n" - [ "${microcode_present}" = "n" ] || return 0 - printf "REMARK: '%s' already lacks microcode\n" "${romfile}" 1>&2 - printf "Renaming default ROM file instead.\n" 1>&2 - mv "${romfile}" "${_newrom_b}" || err "!mv romfile ${romfile}, strip_u" -} - insert_copying_files() { remkdir "${1}/licenses" |