summaryrefslogtreecommitdiff
path: root/script
diff options
context:
space:
mode:
authorLeah Rowe <leah@libreboot.org>2023-12-23 06:54:56 +0000
committerLeah Rowe <leah@libreboot.org>2023-12-23 06:59:48 +0000
commitf44b99c808ed834dceea1109c34a2f587bb46a06 (patch)
tree414a31aeffb179a1f5d6ddfbe51593234bd5b061 /script
parent72cd169ee5ddc435a7742d7a05be1f59756a3aae (diff)
don't delete microcode updates in rom images
at present, lbmk can remove microcode updates on images for a given target, if the target specifies microcode_required="n" in target.cfg lbmk then provides images with microcode, and images without, in a given release. although the user can also remove them manually, this just makes it a bit more convenient, for those users who do wish to run without the updates. this functionality is provided only on those platforms where no-microcode is tested. well, this behaviour implements a compromise on libreboot policy, which is to always include microcode updates by default. see: Binary Blob Reduction Policy the *canoeboot* project now exists, developed in parallel with libreboot, and it ships without microcode updates, on the same targets where lbmk also handled this. running without microcode updates is foolish, and should not be encouraged. clean up lbmk by not providing this kludge. the libreboot documentation will be updated, telling such users to try canoeboot instead, or to remove the update from a given libreboot rom - this is still possible, and mitigations such as PECI disablement on GM45 are still in place (and will be kept), so that this continues to work well. Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'script')
-rwxr-xr-xscript/build/roms19
-rwxr-xr-xscript/update/release31
-rwxr-xr-xscript/vendor/inject18
3 files changed, 7 insertions, 61 deletions
diff --git a/script/build/roms b/script/build/roms
index 2926f297..f72b66b6 100755
--- a/script/build/roms
+++ b/script/build/roms
@@ -22,7 +22,7 @@ kmapdir="config/grub/keymap"
pv="payload_grub payload_grub_withseabios payload_seabios payload_memtest t"
pv="${pv} payload_seabios_withgrub payload_seabios_grubonly payload_uboot memtest_bin"
v="romdir cbrom initmode displaymode cbcfg targetdir tree arch"
-v="${v} grub_timeout ubdir vendorfiles board grub_scan_disk uboot_config"
+v="${v} grub_timeout ubdir board grub_scan_disk uboot_config"
eval "$(setvars "n" ${pv})"
eval "$(setvars "" ${v} boards _displaymode _payload _keyboard all targets)"
@@ -107,8 +107,6 @@ check_target()
payload_uboot="n"
[ "${payload_uboot}" = "y" ] && [ -z "${uboot_config}" ] && \
uboot_config="default"
- [ "${vendorfiles}" != "n" ] && [ "${vendorfiles}" != "y" ] && \
- vendorfiles="y"
# Override all payload directives with cmdline args
[ -z "${_payload}" ] && return 0
@@ -401,17 +399,12 @@ mkUbootRom() {
printf "%s\n" "${tmprom}"
}
-# it is assumed that no other work will be done on the ROM
-# after calling this function. therefore this function is "final"
-moverom() {
- rompath="${1}"
- newrom="${2}"
-
- [ "${vendorfiles}" = "n" ] && newrom="${newrom%.rom}_noblobs.rom"
- printf "Creating target image: %s\n" "${newrom}"
+moverom()
+{
+ printf "Creating target image: %s\n" "$2"
- x_ mkdir -p "${newrom%/*}"
- x_ cp "${rompath}" "${newrom}"
+ x_ mkdir -p "${2%/*}"
+ x_ cp "$1" "$2"
}
usage()
diff --git a/script/update/release b/script/update/release
index b9128328..76de4ede 100755
--- a/script/update/release
+++ b/script/update/release
@@ -7,8 +7,7 @@ set -u -e
. "include/err.sh"
. "include/option.sh"
-eval "$(setvars "" vdir relname src_dirname srcdir _xm target romdir \
- microcode_required mode)"
+eval "$(setvars "" vdir relname src_dirname srcdir _xm target romdir mode)"
main()
{
@@ -133,21 +132,7 @@ handle_rom_archive()
nukerom()
{
- microcode_required="y"
. "config/coreboot/${target}/target.cfg"
- if [ "${microcode_required}" != "y" ] && \
- [ "${microcode_required}" != "n" ]; then microcode_required="y"; fi
- if [ "${microcode_required}" = "n" ]; then
- for romfile in "${romdir}"/*.rom; do
- [ -f "${romfile}" ] || continue
- strip_ucode "${romfile}"
- done
- for romfile in "${romdir}"/*.tmprom; do
- [ -f "${romfile}" ] || continue
- mv "${romfile}" "${romfile%.tmprom}.rom" || \
- err "!mv romfile, nukerom"
- done
- fi
# Hash the images before removing vendor files
# which "./vendor inject" uses for verification
@@ -165,20 +150,6 @@ nukerom()
done
}
-strip_ucode()
-{
- romfile=${1}
- _newrom_b="${romfile%.rom}_nomicrocode.tmprom"
- cp "${romfile}" "${_newrom_b}" || err "!cp romfile ${romfile}, strip_u"
- microcode_present="y"
- "${cbfstool}" "${_newrom_b}" remove -n \
- cpu_microcode_blob.bin 2>/dev/null || microcode_present="n"
- [ "${microcode_present}" = "n" ] || return 0
- printf "REMARK: '%s' already lacks microcode\n" "${romfile}" 1>&2
- printf "Renaming default ROM file instead.\n" 1>&2
- mv "${romfile}" "${_newrom_b}" || err "!mv romfile ${romfile}, strip_u"
-}
-
insert_copying_files()
{
remkdir "${1}/licenses"
diff --git a/script/vendor/inject b/script/vendor/inject
index b4b74bb7..1f1d0209 100755
--- a/script/vendor/inject
+++ b/script/vendor/inject
@@ -122,14 +122,6 @@ patch_release_roms()
printf "patching rom: %s\n" "$x"
patch_rom "${x}"
done
- for x in "${_tmpdir}"/bin/*/*_nomicrocode.rom ; do
- [ -f "${x}" ] || continue
- [ -f "${x%_nomicrocode.rom}.rom" ] || continue
-
- cp "${x%_nomicrocode.rom}.rom" "${x}" || \
- err "patch_r: !cp \"${x%_nomicrocode.rom}.rom\" \"${x}\""
- x_ "${cbfstool}" "${x}" remove -n cpu_microcode_blob.bin
- done
(
x_ cd "${_tmpdir}/bin/"* # TODO: very dodgy, re-write accordingly
@@ -159,16 +151,6 @@ patch_rom()
{
rom="${1}"
- # we don't process no-microcode roms; these are
- # instead re-created at the end, after re-inserting
- # on roms with microcode, by copying and then removing,
- # so that the hashes will match (otherwise, cbfstool
- # may sometimes insert certain vendor files at the wrong offset)
- # (unless nomicrocode is the only config provided)
- [ "${rom}" != "${rom%_nomicrocode.rom}.rom" ] && \
- [ -f "${rom%_nomicrocode.rom}.rom" ] && \
- [ "${release}" = "y" ] && return 0
-
check_defconfig "$boarddir" && err "patch_rom $boarddir: no configs"
set -- "${boarddir}/config/"*