diff options
| -rw-r--r-- | config/coreboot/coreboot413/patches/0001-cbfstool-Make-use-of-spurious-null-termination.patch | 56 | ||||
| -rw-r--r-- | config/coreboot/coreboot413/patches/0002-Fix-cbfstool-build-error-on-GCC-15-host-compiler.patch | 33 | ||||
| -rw-r--r-- | config/coreboot/coreboot413/target.cfg | 4 | ||||
| -rw-r--r-- | config/data/pico-serprog/mkhelper.cfg | 2 | ||||
| -rw-r--r-- | config/data/stm32-vserprog/mkhelper.cfg | 2 | ||||
| -rw-r--r-- | config/grub/default/config/payload | 2 | ||||
| -rw-r--r-- | config/grub/nvme/config/payload | 2 | ||||
| -rw-r--r-- | config/grub/xhci/config/payload | 2 | ||||
| -rw-r--r-- | config/submodule/coreboot/coreboot413/module.list | 1 | ||||
| -rw-r--r-- | config/submodule/coreboot/coreboot413/vboot/module.cfg | 5 | ||||
| -rw-r--r-- | config/submodule/coreboot/coreboot413/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch | 178 | ||||
| -rw-r--r-- | config/vendor/hp820g2/pkg.cfg | 2 | ||||
| -rw-r--r-- | include/git.sh | 53 | ||||
| -rw-r--r-- | include/init.sh | 53 | ||||
| -rw-r--r-- | include/inject.sh | 113 | ||||
| -rw-r--r-- | include/lib.sh | 67 | ||||
| -rw-r--r-- | include/rom.sh | 52 | ||||
| -rwxr-xr-x | mk | 12 |
18 files changed, 131 insertions, 508 deletions
diff --git a/config/coreboot/coreboot413/patches/0001-cbfstool-Make-use-of-spurious-null-termination.patch b/config/coreboot/coreboot413/patches/0001-cbfstool-Make-use-of-spurious-null-termination.patch deleted file mode 100644 index dfc684e1..00000000 --- a/config/coreboot/coreboot413/patches/0001-cbfstool-Make-use-of-spurious-null-termination.patch +++ /dev/null @@ -1,56 +0,0 @@ -From f22f408956bf02609a96b7d72fb3321da159bfc6 Mon Sep 17 00:00:00 2001 -From: Nico Huber <nico.huber@secunet.com> -Date: Tue, 22 Jun 2021 13:49:44 +0000 -Subject: [PATCH 1/1] cbfstool: Make use of spurious null-termination - -The null-termination of `filetypes` was added after the code was -written, obviously resulting in NULL dereferences. As some more -code has grown around the termination, it's hard to revert the -regression, so let's update the code that still used the array -length. - -This fixes commit 7f5f9331d1 (util/cbfstool: fix buffer over-read) -which actually did fix something, but only one path while it broke -two others. We should be careful with fixes, they can always break -something else. Especially when a dumb tool triggered the patching -it seems likely that fewer people looked into related code. - -Change-Id: If2ece1f5ad62952ed2e57769702e318ba5468f0c -Signed-off-by: Nico Huber <nico.huber@secunet.com> -Reviewed-on: https://review.coreboot.org/c/coreboot/+/55763 -Tested-by: build bot (Jenkins) <no-reply@coreboot.org> -Reviewed-by: Julius Werner <jwerner@chromium.org> ---- - util/cbfstool/common.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/util/cbfstool/common.c b/util/cbfstool/common.c -index e2ed38ffc4..539d0baccf 100644 ---- a/util/cbfstool/common.c -+++ b/util/cbfstool/common.c -@@ -168,10 +168,10 @@ void print_supported_architectures(void) - - void print_supported_filetypes(void) - { -- int i, number = ARRAY_SIZE(filetypes); -+ int i; - -- for (i=0; i<number; i++) { -- printf(" %s%c", filetypes[i].name, (i==(number-1))?'\n':','); -+ for (i=0; filetypes[i].name; i++) { -+ printf(" %s%c", filetypes[i].name, filetypes[i + 1].name ? ',' : '\n'); - if ((i%8) == 7) - printf("\n"); - } -@@ -180,7 +180,7 @@ void print_supported_filetypes(void) - uint64_t intfiletype(const char *name) - { - size_t i; -- for (i = 0; i < (sizeof(filetypes) / sizeof(struct typedesc_t)); i++) -+ for (i = 0; filetypes[i].name; i++) - if (strcmp(filetypes[i].name, name) == 0) - return filetypes[i].type; - return -1; --- -2.39.2 - diff --git a/config/coreboot/coreboot413/patches/0002-Fix-cbfstool-build-error-on-GCC-15-host-compiler.patch b/config/coreboot/coreboot413/patches/0002-Fix-cbfstool-build-error-on-GCC-15-host-compiler.patch deleted file mode 100644 index 9b7b8c5b..00000000 --- a/config/coreboot/coreboot413/patches/0002-Fix-cbfstool-build-error-on-GCC-15-host-compiler.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 06e8d7a9db4efe1dc2b7e5865b801a5518b38fbd Mon Sep 17 00:00:00 2001 -From: Alper Nebi Yasak <alpernebiyasak@gmail.com> -Date: Tue, 29 Apr 2025 17:31:13 +0300 -Subject: [PATCH 1/1] Fix cbfstool build error on GCC 15 host compiler - -GCC 15 now considers the unterminated-string-initialization warning as -part of -Werror by default. Coreboot compiles host utilities with the -system compiler, which results in getting this error in some files. - -Mark a hexadecimal translation table in cbfstool code as "nonstring" to -avoid the warning-turned-error. - -Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com> ---- - util/cbfstool/common.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/cbfstool/common.c b/util/cbfstool/common.c -index 539d0baccf..f6fe647503 100644 ---- a/util/cbfstool/common.c -+++ b/util/cbfstool/common.c -@@ -188,7 +188,7 @@ uint64_t intfiletype(const char *name) - - char *bintohex(uint8_t *data, size_t len) - { -- static const char translate[16] = "0123456789abcdef"; -+ static const char translate[16] __attribute__((__nonstring__)) = "0123456789abcdef"; - - char *result = malloc(len * 2 + 1); - if (result == NULL) --- -2.39.5 - diff --git a/config/coreboot/coreboot413/target.cfg b/config/coreboot/coreboot413/target.cfg deleted file mode 100644 index a0aae341..00000000 --- a/config/coreboot/coreboot413/target.cfg +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: GPL-3.0-or-later - -tree="coreboot413" -rev="5c186c6777c9438ff4681929c9c25c98dee28bef" diff --git a/config/data/pico-serprog/mkhelper.cfg b/config/data/pico-serprog/mkhelper.cfg index 8e902bda..982c365b 100644 --- a/config/data/pico-serprog/mkhelper.cfg +++ b/config/data/pico-serprog/mkhelper.cfg @@ -4,4 +4,4 @@ sersrc="src/pico-serprog" serx="$sersrc/build/pico_serprog.uf2" picosdk="src/pico-sdk" serdir="$picosdk/src/boards/include/boards" -premake="mkserprog pico" +premake="$dry eval fx_ \"buildser pico\" x_ basename -as .h \"\$serdir/\"*.h" diff --git a/config/data/stm32-vserprog/mkhelper.cfg b/config/data/stm32-vserprog/mkhelper.cfg index 907e890f..bb2189a6 100644 --- a/config/data/stm32-vserprog/mkhelper.cfg +++ b/config/data/stm32-vserprog/mkhelper.cfg @@ -3,4 +3,4 @@ sersrc="src/stm32-vserprog" serx="$sersrc/stm32-vserprog.hex" serdir="$sersrc/boards" -mkhelper="mkserprog stm32" +mkhelper="$dry eval fx_ \"buildser stm32\" x_ basename -as .h \"\$serdir/\"*.h" diff --git a/config/grub/default/config/payload b/config/grub/default/config/payload index 3f134f1d..3d84413e 100644 --- a/config/grub/default/config/payload +++ b/config/grub/default/config/payload @@ -184,7 +184,7 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o # using * is slow on some machines, but we use it here, # just once. in so doing, we find every lvm volume for vol in (*); do - if regexp ^lvm/ $vol; then + if regexp ^\\(lvm/ $vol; then lvmvol="${lvmvol} ${vol}" try_bootcfg "${vol}" fi diff --git a/config/grub/nvme/config/payload b/config/grub/nvme/config/payload index 22dd8fe1..4f3de36e 100644 --- a/config/grub/nvme/config/payload +++ b/config/grub/nvme/config/payload @@ -196,7 +196,7 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o # using * is slow on some machines, but we use it here, # just once. in so doing, we find every lvm volume for vol in (*); do - if regexp ^lvm/ $vol; then + if regexp ^\\(lvm/ $vol; then lvmvol="${lvmvol} ${vol}" try_bootcfg "${vol}" fi diff --git a/config/grub/xhci/config/payload b/config/grub/xhci/config/payload index d1f81fd3..9db22fe2 100644 --- a/config/grub/xhci/config/payload +++ b/config/grub/xhci/config/payload @@ -197,7 +197,7 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o # using * is slow on some machines, but we use it here, # just once. in so doing, we find every lvm volume for vol in (*); do - if regexp ^lvm/ $vol; then + if regexp ^\\(lvm/ $vol; then lvmvol="${lvmvol} ${vol}" try_bootcfg "${vol}" fi diff --git a/config/submodule/coreboot/coreboot413/module.list b/config/submodule/coreboot/coreboot413/module.list deleted file mode 100644 index 08e76de0..00000000 --- a/config/submodule/coreboot/coreboot413/module.list +++ /dev/null @@ -1 +0,0 @@ -3rdparty/vboot diff --git a/config/submodule/coreboot/coreboot413/vboot/module.cfg b/config/submodule/coreboot/coreboot413/vboot/module.cfg deleted file mode 100644 index 79c98870..00000000 --- a/config/submodule/coreboot/coreboot413/vboot/module.cfg +++ /dev/null @@ -1,5 +0,0 @@ -# SPDX-License-Identifier: GPL-3.0-or-later - -subrepo="https://review.coreboot.org/vboot.git" -subrepo_bkup="https://github.com/coreboot/vboot" -subhash="4c523ed10f25de872ac0513ebd6ca53d3970b9de" diff --git a/config/submodule/coreboot/coreboot413/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch b/config/submodule/coreboot/coreboot413/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch deleted file mode 100644 index 1ac41de6..00000000 --- a/config/submodule/coreboot/coreboot413/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch +++ /dev/null @@ -1,178 +0,0 @@ -From 195f61375aeec9eec16604ec59f6eda2e6058cc1 Mon Sep 17 00:00:00 2001 -From: "Luke T. Shumaker" <lukeshu@lukeshu.com> -Date: Thu, 30 May 2024 14:08:33 -0600 -Subject: [PATCH 1/1] extract_vmlinuz.c: Fix the bounds check on - vmlinuz_header_{offset,size} - -The check on vmlinuz_header_offset and vmlinuz_header_size is obviously -wrong: - - if (!vmlinuz_header_size || - kpart_data + vmlinuz_header_offset + vmlinuz_header_size > - kpart_data) { - return 1; - } - -`kpart_data + some_unsigned_values` can obviously never be `> kpart_data`, -unless something has overflowed! And `vmlinuz_header_offset` hasn't even -been set yet (besides being initialized to zero)! - -GCC will deduce that if the check didn't cause the function to bail, then -vmlinuz_header_size (a uint32_t) must be "negative"; that is: in the range -[2GiB,4GiB). - -On platforms where size_t is 32-bits, this is *especially* broken. -memcpy's size argument must be in the range [0,2GiB). Because GCC has -proved that vmlinuz_header_size is higher than that, it will fail to -compile: - - host/lib/extract_vmlinuz.c:67:9: error: 'memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=] - -So, fix the check. - -I can now say that what I suspect the original author meant to write would -be the following patch, if `vmlinuz_header_offset` were already set: - - -kpart_data + vmlinuz_header_offset + vmlinuz_header_size > kpart_data - +now + vmlinuz_header_offset + vmlinuz_header_size > kpart_size - -This hypothesis is supported by `now` not getting incremented by -`kblob_size` the way it is for the keyblock and preamble sizes. - -However, we can also see that even this "corrected" bounds check is -insufficient: it does not detect the vmlinuz_header overflowing into -kblob_data. - -OK, so let's describe the fix: - -Have a `*vmlinuz_header` pointer instead of a -`uint64_t vmlinuz_header_offset`, to be more similar to all the other -regions. With this change, the correct check becomes a simple - - vmlinuz_header + vmlinuz_header_size > kblob_data - -While we're at it, make some changes that could have helped avoid this in -the first place: - - - Add comments. - - Calculate the vmlinuz_header offset right away, instead of waiting. - - Go ahead and increment `now` by `kblob_size`, to increase regularity. - -Change-Id: I5c03e49070b6dd2e04459566ef7dd129d27736e4 ---- - host/lib/extract_vmlinuz.c | 72 +++++++++++++++++++++++++++----------- - 1 file changed, 51 insertions(+), 21 deletions(-) - -diff --git a/host/lib/extract_vmlinuz.c b/host/lib/extract_vmlinuz.c -index 4ccfcf33..d2c09443 100644 ---- a/host/lib/extract_vmlinuz.c -+++ b/host/lib/extract_vmlinuz.c -@@ -15,16 +15,44 @@ - - int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - void **vmlinuz_out, size_t *vmlinuz_size) { -+ // We're going to be extracting `vmlinuz_header` and -+ // `kblob_data`, and returning the concatenation of them. -+ // -+ // kpart_data = +-[kpart_size]------------------------------------+ -+ // | | -+ // keyblock = | +-[keyblock->keyblock_size]-------------------+ | -+ // | | struct vb2_keyblock keyblock | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // preamble = | +-[preamble->preamble_size]-------------------+ | -+ // | | struct vb2_kernel_preamble preamble | | -+ // | | char [] ...data... | | -+ // | | char [] vmlinuz_header | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // kblob_data= | +-[preamble->body_signature.data_size]--------+ | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // +-------------------------------------------------+ -+ - size_t now = 0; -+ // The 3 sections of kpart_data. -+ struct vb2_keyblock *keyblock = NULL; - struct vb2_kernel_preamble *preamble = NULL; - uint8_t *kblob_data = NULL; - uint32_t kblob_size = 0; -+ // vmlinuz_header -+ uint8_t *vmlinuz_header = NULL; - uint32_t vmlinuz_header_size = 0; -- uint64_t vmlinuz_header_address = 0; -- uint64_t vmlinuz_header_offset = 0; -+ // The concatenated result. - void *vmlinuz = NULL; - -- struct vb2_keyblock *keyblock = (struct vb2_keyblock *)kpart_data; -+ // Isolate the 3 sections of kpart_data. -+ -+ keyblock = (struct vb2_keyblock *)kpart_data; - now += keyblock->keyblock_size; - if (now > kpart_size) - return 1; -@@ -36,37 +64,39 @@ int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - - kblob_data = kpart_data + now; - kblob_size = preamble->body_signature.data_size; -- -- if (!kblob_data || (now + kblob_size) > kpart_size) -+ now += kblob_size; -+ if (now > kpart_size) - return 1; - -+ // Find `vmlinuz_header` within `preamble`. -+ - if (preamble->header_version_minor > 0) { -- vmlinuz_header_address = preamble->vmlinuz_header_address; -+ // calculate the vmlinuz_header offset from -+ // the beginning of the kpart_data. The kblob doesn't -+ // include the body_load_offset, but does include -+ // the keyblock and preamble sections. -+ size_t vmlinuz_header_offset = -+ preamble->vmlinuz_header_address - -+ preamble->body_load_address + -+ keyblock->keyblock_size + -+ preamble->preamble_size; -+ -+ vmlinuz_header = kpart_data + vmlinuz_header_offset; - vmlinuz_header_size = preamble->vmlinuz_header_size; - } - -- if (!vmlinuz_header_size || -- kpart_data + vmlinuz_header_offset + vmlinuz_header_size > -- kpart_data) { -+ if (!vmlinuz_header || -+ !vmlinuz_header_size || -+ vmlinuz_header + vmlinuz_header_size > kblob_data) { - return 1; - } - -- // calculate the vmlinuz_header offset from -- // the beginning of the kpart_data. The kblob doesn't -- // include the body_load_offset, but does include -- // the keyblock and preamble sections. -- vmlinuz_header_offset = vmlinuz_header_address - -- preamble->body_load_address + -- keyblock->keyblock_size + -- preamble->preamble_size; -+ // Concatenate and return. - - vmlinuz = malloc(vmlinuz_header_size + kblob_size); - if (vmlinuz == NULL) - return 1; -- -- memcpy(vmlinuz, kpart_data + vmlinuz_header_offset, -- vmlinuz_header_size); -- -+ memcpy(vmlinuz, vmlinuz_header, vmlinuz_header_size); - memcpy(vmlinuz + vmlinuz_header_size, kblob_data, kblob_size); - - *vmlinuz_out = vmlinuz; --- -2.45.1 - diff --git a/config/vendor/hp820g2/pkg.cfg b/config/vendor/hp820g2/pkg.cfg index 89303ad3..308148c5 100644 --- a/config/vendor/hp820g2/pkg.cfg +++ b/config/vendor/hp820g2/pkg.cfg @@ -7,5 +7,5 @@ MRC_url="https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_13904.77.0_s MRC_url_bkup="https://web.archive.org/web/20220310155922/https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_13904.77.0_samus_recovery_stable-channel_mp-v3.bin.zip" MRC_hash="3ff1599c52539f0707a07a8664a84ce51cd3fed1569df4bb7aa6722fc8dec0af1754250333b6ca1a9794d970a4de7b29a5cf2499f5b61e4c3eab64d1314aaea9" MRC_board="samus" -MRC_refcode_cbtree="coreboot413" +MRC_refcode_cbtree="fam15h" MRC_refcode_gbe="131253" diff --git a/include/git.sh b/include/git.sh index ded12625..9440b1af 100644 --- a/include/git.sh +++ b/include/git.sh @@ -54,9 +54,7 @@ git_prep() chkvars rev tmpclone "$1" "$2" "$tmpgit" "$rev" "$_patchdir" if singletree "$project" || [ $# -gt 4 ]; then - [ -f "$mdir/module.list" ] && while read -r msrcdir; do - fetch_submodule "$msrcdir" - done < "$mdir/module.list"; : + dx_ fetch_submodule "$mdir/module.list" fi [ "$_loc" != "$XBMK_CACHE/repo/$project" ] && \ @@ -66,15 +64,6 @@ git_prep() mv "$tmpgit" "$_loc" || err "git_prep: !mv $tmpgit $_loc" } -# return 0 if project is single-tree, otherwise 1 -# e.g. coreboot is multi-tree, so 1 -singletree() -{ - for targetfile in "config/${1}/"*/target.cfg; do - [ -e "$targetfile" ] && [ -f "$targetfile" ] && return 1; : - done; : -} - fetch_submodule() { mcfgdir="$mdir/${1##*/}"; eval \ @@ -100,40 +89,12 @@ fetch_submodule() tmpclone() { - livepull="n" && [ "$repofail" = "y" ] && \ - printf "Cached clone failed; trying online.\n" 1>&2 && livepull="y" - - repofail="n" - - [ $# -lt 6 ] || rm -Rf "$3" || err "git retry: !rm $3 ($1)" - repodir="$XBMK_CACHE/repo/${1##*/}" && [ $# -gt 5 ] && repodir="$3" - mkdir -p "$XBMK_CACHE/repo" || err "!rmdir $XBMK_CACHE/repo" - - if [ "$livepull" = "y" ] && [ ! -d "$repodir" ]; then - git clone "$1" "$repodir" || git clone $2 "$repodir" || \ - err "!clone $1 $2 $repodir $4 $5" # - elif [ -d "$repodir" ] && [ $# -lt 6 ]; then - git -C "$repodir" pull || sleep 3 || git -C "$repodir" pull \ - || sleep 3 || git -C "$repodir" pull || : - fi - ( - [ $# -gt 5 ] || git clone "$repodir" "$3" || err "!clone $repodir $3" - git -C "$3" reset --hard "$4" || err "!reset $1 $2 $3 $4 $5" - git_am_patches "$3" "$5" - ) || repofail="y" - - [ "$repofail" = "y" ] && [ $# -lt 6 ] && tmpclone "$@" retry - [ "$repofail" = "y" ] && err "!clone $1 $2 $3 $4 $5"; : -} - -git_am_patches() -{ - for p in "$2/"*; do - [ -L "$p" ] && continue - [ -e "$p" ] || continue - [ -d "$p" ] && git_am_patches "$1" "$p" && continue - [ ! -f "$p" ] || git -C "$1" am "$p" || err "$1 $2: !am $p" - done; : + [ -d "$3" ] && return 0 + printf "Creating git clone '%s' from '%s', '%s'\n" "$3" "$1" "$2" + git clone "$1" "$3" || x_ rm -Rf "$3" + [ -d "$3" ] || x_ git clone "$2" "$3" + x_ git -C "$3" reset --hard "$4" + fx_ "eval x_ git -C \"$3\" am" find "$5" -type f } nuke() diff --git a/include/init.sh b/include/init.sh index 8f5ab059..b9cb81b1 100644 --- a/include/init.sh +++ b/include/init.sh @@ -14,8 +14,6 @@ projectsite="https://libreboot.org/" export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" xbmkpath="$PATH" -xbmk_err="err_" - eval "`setvars "" _nogit board reinstall versiondate aur_notice configdir \ datadir version xbmkpwd relname xbmkpwd xbmktmp python pyver xbmklocal \ xbmklock`" @@ -33,7 +31,7 @@ xbmk_init() id -u 1>/dev/null 2>/dev/null || err "suid check failed (id -u)" [ "$(id -u)" != "0" ] || err "this command as root is not permitted" - for init_cmd in set_pyver set_env set_version git_init create_tmpdir \ + for init_cmd in set_pyver set_version set_env git_init create_tmpdir \ lock create_pathdirs child_exec; do xbmk_$init_cmd "$@" || break done @@ -82,8 +80,7 @@ pybin() # ideally, don't rely on PATH or hardcoded paths if python venv. # use the *real*, direct executable linked to by the venv symlink if [ $venv -gt 0 ] && [ -L "`command -v "$1" 2>/dev/null`" ]; then - # realpath isn't posix, but available mostly universally - pypath="$(realpath \ + pypath="$(findpath \ "$(command -v "$1" 2>/dev/null)" 2>/dev/null || :)" [ -e "$pypath" ] && [ ! -d "$pypath" ] && \ [ -x "$pypath" ] && printf "%s\n" "$pypath" && return 0; : @@ -100,26 +97,6 @@ pybin() command -v "$1" 2>/dev/null || return 1 } -xbmk_set_env() -{ - # XBMK_CACHE is a directory, for caching downloads and git repon - [ -z "${XBMK_CACHE+x}" ] && export XBMK_CACHE="$xbmkpwd/cache" - [ -z "$XBMK_CACHE" ] && export XBMK_CACHE="$xbmkpwd/cache" - [ -L "$XBMK_CACHE" ] && [ "$XBMK_CACHE" = "$xbmkpwd/cache" ] && \ - err "cachedir '$xbmkpwd/cache' is a symlink" - [ -L "$XBMK_CACHE" ] && export XBMK_CACHE="$xbmkpwd/cache" - [ -f "$XBMK_CACHE" ] && err "cachedir '$XBMK_CACHE' is a file"; : - - # if "y": a coreboot target won't be built if target.cfg says release="n" - # (this is used to exclude certain build targets from releases) - [ -z "${XBMK_RELEASE+x}" ] && export XBMK_RELEASE="n" - [ "$XBMK_RELEASE" = "y" ] || export XBMK_RELEASE="n" - - [ -z "${XBMK_THREADS+x}" ] && export XBMK_THREADS=1 - expr "X$XBMK_THREADS" : "X-\{0,1\}[0123456789][0123456789]*$" \ - 1>/dev/null 2>/dev/null || export XBMK_THREADS=1; : -} - xbmk_set_version() { [ ! -f ".version" ] || read -r version < ".version" || :; : @@ -142,7 +119,33 @@ xbmk_set_version() printf "%s\n" "$versiondate" > ".versiondate" || err "can't save date" relname="$projectname-$version" +} + +xbmk_set_env() +{ export LOCALVERSION="-$projectname-${version%%-*}" + + # XBMK_CACHE is a directory, for caching downloads and git repon + [ -z "${XBMK_CACHE+x}" ] && export XBMK_CACHE="$xbmkpwd/cache" + [ -z "$XBMK_CACHE" ] && export XBMK_CACHE="$xbmkpwd/cache" + [ -L "$XBMK_CACHE" ] && [ "$XBMK_CACHE" = "$xbmkpwd/cache" ] && \ + err "cachedir '$xbmkpwd/cache' is a symlink" + [ -L "$XBMK_CACHE" ] && export XBMK_CACHE="$xbmkpwd/cache" + xbmkcache="`findpath "$XBMK_CACHE"`" || \ + err "Can't resolve cachedir: '$XBMK_CACHE'" + export XBMK_CACHE="$xbmkcache" + [ ! -e "$XBMK_CACHE" ] || \ + [ -d "$XBMK_CACHE" ] || err "cachedir '$XBMK_CACHE' is a file"; : + + # if "y": a coreboot target won't be built if target.cfg says release="n" + # (this is used to exclude certain build targets from releases) + [ -z "${XBMK_RELEASE+x}" ] && export XBMK_RELEASE="n" + [ "$XBMK_RELEASE" = "Y" ] && export XBMK_RELEASE="y" + [ "$XBMK_RELEASE" = "y" ] || export XBMK_RELEASE="n" + + [ -z "${XBMK_THREADS+x}" ] && export XBMK_THREADS=1 + expr "X$XBMK_THREADS" : "X-\{0,1\}[0123456789][0123456789]*$" \ + 1>/dev/null 2>/dev/null || export XBMK_THREADS=1; : } xbmk_git_init() diff --git a/include/inject.sh b/include/inject.sh index 6aceb52c..c0b4409f 100644 --- a/include/inject.sh +++ b/include/inject.sh @@ -13,7 +13,6 @@ cbcfgsdir="config/coreboot" hashfiles="vendorhashes blobhashes" # blobhashes for backwards compatibility dontflash="!!! AN ERROR OCCURED! Please DO NOT flash if injection failed. !!!" vfix="DO_NOT_FLASH_YET._FIRST,_INJECT_FILES_VIA_INSTRUCTIONS_ON_LIBREBOOT.ORG_" -vguide="https://libreboot.org/docs/install/ivy_has_common.html" tmpromdel="$xbmklocal/DO_NOT_FLASH" nvm="util/nvmutil/nvm" ifdtool="elf/ifdtool/default/ifdtool" @@ -35,7 +34,7 @@ eval "`setvars "" has_hashes EC_hash DL_hash DL_url_bkup MRC_refcode_gbe vcfg \ mecleaner kbc1126_ec_dump MRC_refcode_cbtree new_mac _dl SCH5545EC_DL_url \ archive EC_url boarddir rom cbdir DL_url nukemode cbfstoolref FSPFD_hash \ _7ztest ME11bootguard ME11delta ME11version ME11sku ME11pch tmpromdir \ - IFD_platform ifdprefix cdir sdir _me _metmp mfs TBFW_url_bkup TBFW_url \ + IFD_platform ifdprefix _me _metmp mfs TBFW_url_bkup TBFW_url \ TBFW_hash TBFW_size hashfile xromsize xchanged EC_url_bkup need_files \ vfile cbcfg $cv`" @@ -49,9 +48,8 @@ download() readkconfig() { x_ rm -f "$xbmktmp/cbcfg" - cbcfg="`check_defconfig "$boarddir"`" || for cbc in $cv; do - grep "$cbc" "$cbcfg" 1>>"$xbmktmp/cbcfg" 2>/dev/null || : - done + fx_ scankconfig x_ find "$boarddir/config" -type f + eval "`setcfg "$xbmktmp/cbcfg" 1`" for c in $cvchk; do @@ -63,6 +61,13 @@ readkconfig() return 1 } +scankconfig() +{ + for cbc in $cv; do + grep "$cbc" "$1" 1>>"$xbmktmp/cbcfg" 2>/dev/null || : + done +} + bootstrap() { x_ ./mk -f coreboot ${cbdir##*/} @@ -133,15 +138,16 @@ extract_intel_me() { e "$mecleaner" f not && err "$cbdir: me_cleaner missing. $dontflash" - cdir="$xbmkpwd/$appdir" + _7ztest="$xbmklocal/metmp/a" _me="$xbmkpwd/$_dest" _metmp="$xbmklocal/me.bin" + x_ rm -f "$_metmp" "$xbmklocal/a" mfs="" && [ "$ME11bootguard" = "y" ] && mfs="--whitelist MFS" && \ chkvars ME11delta ME11version ME11sku ME11pch [ "$ME11bootguard" = "y" ] && x_ ./mk -f deguard - extract_intel_me_bruteforce + set +u +e && fx_ find_me x_ find "$xbmkpwd/$appdir" -type f [ "$ME11bootguard" != "y" ] && x_ mv "$_metmp" "$_me" && return 0 ( @@ -152,38 +158,18 @@ extract_intel_me() ) || err "Error running deguard for $_me - $dontflash"; : } -extract_intel_me_bruteforce() +find_me() { - [ $# -gt 0 ] && cdir="$1" - e "$_metmp" f && return 0 + e "$_metmp" f && x_ rm -Rf "$xbmklocal/metmp" && return 1 + [ -L "$1" ] && return 0 - [ -z "$sdir" ] && sdir="$(mktemp -d)" - x_ mkdir -p "$sdir" + _7ztest="${_7ztest}a" && _r="-r" && [ -n "$mfs" ] && _r="" - set +u +e - ( - [ "${cdir#/a}" != "$cdir" ] && cdir="${cdir#/}" - cd "$cdir" || err "extract_intel_me: !cd \"$cdir\" - $dontflash" - for i in *; do - c=0 && e "$_metmp" f && break - [ -L "$i" ] && continue - [ -e "$i" ] || continue - [ -d "$i" ] && extract_intel_me_bruteforce "$cdir/$i" && c=1 - if [ $c -eq 0 ] && [ -f "$i" ]; then - _r="-r" && [ -n "$mfs" ] && _r="" - "$mecleaner" $mfs $_r -t -O "$sdir/vendorfile" \ - -M "$_metmp" "$i" && break - "$mecleaner" $mfs $_r -t -O "$_metmp" "$i" && break - "$me7updateparser" -O "$_metmp" "$i" && break - _7ztest="${_7ztest}a" - extract_archive "$i" "$_7ztest" || continue - extract_intel_me_bruteforce "$cdir/$_7ztest" - fi - cdir="$1"; [ "${cdir#/a}" != "$cdir" ] && cdir="${cdir#/}" - cd "$cdir" || : - done - ) || : - rm -Rf "$sdir" || err "extract_intel_me: !rm -Rf $sdir - $dontflash" + "$mecleaner" $mfs $_r -t -O "$xbmklocal/a" -M "$_metmp" "$1" || \ + "$mecleaner" $mfs $_r -t -O "$_metmp" "$1" || "$me7updateparser" \ + -O "$_metmp" "$1" || extract_archive "$1" "$_7ztest" || return 0 + + fx_ find_me x_ find "$_7ztest" -type f || return 1; : } extract_archive() @@ -196,15 +182,11 @@ extract_archive() extract_kbc1126ec() { - x_ e "$kbc1126_ec_dump" f ( x_ cd "$appdir/" - mv Rompaq/68*.BIN ec.bin || : - if [ ! -f "ec.bin" ]; then - unar -D ROM.CAB Rom.bin || unar -D Rom.CAB Rom.bin || \ - unar -D 68*.CAB Rom.bin || err "kbc1126 unar failed" - x_ mv Rom.bin ec.bin - fi + mv Rompaq/68*.BIN ec.bin || unar -D ROM.CAB Rom.bin || unar -D \ + Rom.CAB Rom.bin || unar -D 68*.CAB Rom.bin || err "!kbc1126 unar" + [ -f "ec.bin" ] || x_ mv Rom.bin ec.bin x_ e ec.bin f && x_ "$kbc1126_ec_dump" ec.bin ) || err "$board: can't extract kbc1126 ec firmware - $dontflash" @@ -242,10 +224,10 @@ extract_sch5545ec() # https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t480-type-20l5-20l6/20l5/solutions/ht508988 extract_tbfw() { - chkvars TBFW_size && fe_ copy_tbfw "$appdir" -type f -name "TBT.bin" + chkvars TBFW_size; fx_ copytb x_ find "$appdir" -type f -name "TBT.bin" } -copy_tbfw() +copytb() { [ -f "$1" ] && [ ! -L "$1" ] && x_ dd if=/dev/null of="$1" bs=1 \ seek=$TBFW_size && x_ mv "$1" "$_dest" && return 1; : @@ -254,23 +236,12 @@ copy_tbfw() extract_fsp() { x_ python "$cbdir/3rdparty/fsp/Tools/SplitFspBin.py" split -f "$1" \ - -o "$2" -n "Fsp.fd" && x_ cp "$appdir/"Fsp_*.fd "${_dest%/*}" -} - -fail_inject() -{ - [ -L "$tmpromdel" ] || [ ! -d "$tmpromdel" ] || \ - rm -Rf "$tmpromdel" || : - printf "\n\n%s\n\n" "$dontflash" 1>&2 - printf "WARNING: File '%s' was NOT modified.\n\n" "$archive" 1>&2 - printf "Please MAKE SURE vendor files are inserted before flashing\n\n" - err_ "$1" + -o "${_dest%/*}" -n "Fsp.fd" } inject() { need_files="n" - xbmk_err="fail_inject" remkdir "$tmpromdel" set +u +e @@ -363,23 +334,14 @@ patch_release_roms() x_ tar -xf "$archive" -C "${tmpromdir%"/bin/$board"}" for _hashes in $hashfiles; do - [ "$need_files" = "y" ] || break - e "$tmpromdir/$_hashes" f && has_hashes="y" && \ - hashfile="$_hashes" && break; : + [ "$need_files" = "y" ] && e "$tmpromdir/$_hashes" f && \ + has_hashes="y" && hashfile="$_hashes" && break; : done - if readkconfig; then - fe_ prep_rom "$tmpromdir" -maxdepth 1 -type f -name "*.rom" - [ "$nukemode" != "nuke" ] || \ - printf "Make sure you inserted vendor files: %s\n" \ - "$vguide" > "$tmpromdir/README.md" || : - else - printf "Skipping vendorfiles on '%s'\n" "$archive" 1>&2 - need_files="n" - fi + readkconfig || exit 0; [ "$need_files" = "n" ] || \ + fx_ prep x_ find "$tmpromdir" -maxdepth 1 -type f -name "*.rom" ( - [ "$need_files" = "y" ] || exit 0 cd "$tmpromdir" || err "patch '$archive': can't cd $tmpromdir" # NOTE: For compatibility with older rom releases, defer to sha1 if [ "$has_hashes" = "y" ] && [ "$nukemode" != "nuke" ]; then @@ -389,7 +351,7 @@ patch_release_roms() fi ) || err "'$archive' -> Can't verify vendor hashes. $dontflash" - [ -z "$new_mac" ] || modify_mac || printf "\nGbE not defined\n" 1>&2 + [ -z "$new_mac" ] || [ -z "$CONFIG_GBE_BIN_PATH" ] || modify_mac [ "$xchanged" = "y" ] || rm -Rf "$tmpromdel" || : [ "$xchanged" = "y" ] || return 0 @@ -403,7 +365,7 @@ patch_release_roms() "$archive" || err "'$archive' -> Can't overwrite - $dontflash"; : } -prep_rom() +prep() { _xrom="$1" _xromname="${1##*/}" @@ -511,16 +473,11 @@ insert() modify_mac() { - [ -n "$CONFIG_GBE_BIN_PATH" ] || return 1 - x_ cp "${CONFIG_GBE_BIN_PATH##*../}" "$xbmklocal/gbe" [ -n "$new_mac" ] && [ "$new_mac" != "restore" ] && \ x_ "$nvm" "$xbmklocal/gbe" setmac "$new_mac" - fe_ newmac "$tmpromdir" -maxdepth 1 -type f -name "*.rom" - - printf "\nGbE NVM written to '%s':\n" "$archive" - x_ "$nvm" "$xbmklocal/gbe" dump | grep -v "bytes read from file" || : + fx_ newmac x_ find "$tmpromdir" -maxdepth 1 -type f -name "*.rom" } newmac() diff --git a/include/lib.sh b/include/lib.sh index 43b1a318..99e59a1a 100644 --- a/include/lib.sh +++ b/include/lib.sh @@ -105,14 +105,6 @@ mk() done; : } -check_defconfig() -{ - [ -d "$1" ] || err "Target '$1' not defined." - for x in "$1"/config/*; do - [ -f "$x" ] && printf "%s\n" "$x" && return 1 - done; : -} - setvars() { _setvars="" @@ -144,61 +136,50 @@ chkvars() done; : } -fe_() +# return 0 if project is single-tree, otherwise 1 +# e.g. coreboot is multi-tree, so 1 +singletree() { - find_ex "x_" "$@" + ( fx_ "exit 1" find "config/$1/"*/ -type f -name "target.cfg" ) || \ + return 1 } -fx_() +findpath() { - find_ex "" "$@" + [ $# -gt 0 ] || err "findpath: No arguments provided" + while [ $# -gt 0 ]; do + found="`readlink -f "$1" 2>/dev/null`" || return 1; : + [ -n "$found" ] || found="`realpath "$1" 2>/dev/null`" || \ + return 1; : + printf "%s\n" "$found" + shift 1 + done } -find_ex() +fx_() { - xmsg="$1" && shift 1 fd="`mktemp`" && x_ rm -f "$fd" && x_ touch "$fd" xx="$1" && shift 1 - $xmsg find "$@" 2>/dev/null | sort > "$fd" || \ - err "!find $(echo "$@") > \"$fd\"" - while read -r fx; do - $xx "$fx" || break; : - done < "$fd" + "$@" 2>/dev/null | sort 1>"$fd" 2>/dev/null || err "FATAL: !sort fx_" + dx_ "$xx" "$fd" || break x_ rm -f "$fd" } +dx_() +{ + [ -f "$2" ] && while read -r fx; do + $1 "$fx" || return 1 + done < "$2"; : +} + x_() { - [ $# -lt 1 ] && printf "WARNING: x_ called without arguments\n" 1>&2 [ $# -lt 1 ] || [ -n "$1" ] || err "Empty first arg: x_ $(echo "$@")" [ $# -lt 1 ] || "$@" || err "Unhandled error for: $(echo "$@")"; : } err() { - set -u -e - - xbmk_err_val=0 - real_err="" && [ -n "${xbmk_err+x}" ] && real_err="$xbmk_err" - - if [ -z "$real_err" ]; then - printf "WARNING: err not set. Defaulting to 'err_'\n" 1>&2 - real_err="err_" - fi - - ( - $real_err "$@" || err_ "Error function '$real_err' *returned* 1" - err_ "Error function '$real_err' didn't exit" - exit 1 # just in case! - ) || xbmk_err_val=1 # otherwise, it wrongly did exit 0, not exit 1 - - [ $xbmk_err_val -eq 0 ] && err_ "Error function '$real_err' did exit 0" - exit 1 # just in case! -} - -err_() -{ - [ $# -lt 1 ] && printf "ERROR (but no error message provided)\n" 1>&2 [ $# -lt 1 ] || printf "ERROR %s: %s\n" "$0" "$1" 1>&2 || : exit 1 } diff --git a/include/rom.sh b/include/rom.sh index af739d92..fdd0787f 100644 --- a/include/rom.sh +++ b/include/rom.sh @@ -7,24 +7,15 @@ grubdata="config/data/grub" -mkserprog() +buildser() { - [ "$_f" = "-d" ] && return 0 # dry run - basename -as .h "$serdir/"*.h > "$xbmktmp/ser" || \ - err "!mk $1 $xbmktmp" - - while read -r sertarget; do - [ "$1" = "pico" ] && x_ cmake -DPICO_BOARD="$sertarget" \ - -DPICO_SDK_PATH="$picosdk" -B "$sersrc/build" "$sersrc" \ - && x_ cmake --build "$sersrc/build" - [ "$1" = "stm32" ] && x_ make -C "$sersrc" \ - libopencm3-just-make BOARD=$sertarget && x_ make -C \ - "$sersrc" BOARD=$sertarget - x_ mkdir -p "bin/serprog_$1" - x_ mv "$serx" "bin/serprog_$1/serprog_$sertarget.${serx##*.}" - done < "$xbmktmp/ser" - - [ "$XBMK_RELEASE" = "y" ] && mkrom_tarball "bin/serprog_$1"; : + [ "$1" = "pico" ] && x_ cmake -DPICO_BOARD="$2" \ + -DPICO_SDK_PATH="$picosdk" -B "$sersrc/build" "$sersrc" && \ + x_ cmake --build "$sersrc/build" + [ "$1" = "stm32" ] && x_ make -C "$sersrc" libopencm3-just-make \ + BOARD=$2 && x_ make -C "$sersrc" BOARD=$2 + x_ mkdir -p "bin/serprog_$1" + x_ mv "$serx" "bin/serprog_$1/serprog_$2.${serx##*.}" } copyps1bios() @@ -192,9 +183,7 @@ mkseagrub() [ "$payload_grubsea" = "y" ] && pname="grub" [ "$payload_grubsea" = "y" ] || \ cbfs "$tmprom" "$grubdata/bootorder" bootorder raw - for keymap in config/data/grub/keymap/*.gkb; do - [ -f "$keymap" ] && cprom "${keymap##*/}"; : - done; : + fx_ cprom x_ find "$grubdata/keymap" -type f -name "*.gkb" } add_uboot() @@ -243,16 +232,25 @@ add_uboot() cprom() { - newrom="bin/$target/${pname}_${target}_$initmode.rom" + cpcmd="cp" + + tmpnew=""; newrom="bin/$target/${pname}_${target}_$initmode.rom" [ -n "$displaymode" ] && newrom="${newrom%.rom}_$displaymode.rom" - [ $# -gt 0 ] && [ "$1" != "seauboot" ] && \ - newrom="${newrom%.rom}_${1%.gkb}.rom" + [ $# -gt 0 ] && [ "${1%.gkb}" != "$1" ] && tmpnew="${1##*/}" && \ + newrom="${newrom%.rom}_${tmpnew%.gkb}.rom" - x_ mkdir -p "bin/$target" - x_ cp "$tmprom" "$newrom" && [ $# -gt 0 ] && [ "$1" != "seauboot" ] && \ - cbfs "$newrom" "config/data/grub/keymap/$1" keymap.gkb raw + irom="$tmprom" + [ $# -lt 1 ] || irom="`mktemp`" || err "!mk irom, $(echo "$@")" + [ $# -gt 0 ] && x_ cp "$tmprom" "$irom" && cpcmd="mv" + + [ $# -gt 0 ] && [ "${1%.gkb}" != "$1" ] && \ + cbfs "$irom" "$grubdata/keymap/$tmpnew" keymap.gkb raw [ $# -gt 0 ] && [ "$1" = "seauboot" ] && \ - cbfs "$newrom" "config/data/grub/bootorder_uboot" bootorder raw; : + cbfs "$irom" "$grubdata/bootorder_uboot" bootorder raw; : + + printf "Creating new %s image: '%s'\n" "$projectname" "$newrom" + x_ mkdir -p "bin/$target" + x_ $cpcmd "$irom" "$newrom" } cbfs() @@ -67,7 +67,7 @@ build_release() ( cd "$srcdir" || err "$vdir: !cd \"$srcdir\"" - ./mk -f + x_ ./mk -f rmgit . x_ mv src/docs docs ) || err "can't create release files" @@ -87,6 +87,8 @@ build_release() cd "$srcdir" || err "$vdir: 2 !cd \"$srcdir\"" x_ ./mk -d coreboot mk -b coreboot pico-serprog stm32-vserprog pcsx-redux + + fx_ mkrom_tarball x_ find bin -maxdepth 1 -type d -name "serprog_*" x_ mv bin ../roms ) || err "can't build rom images" @@ -279,7 +281,7 @@ check_project_hashes() [ ! -f "$XBMK_CACHE/hash/$project$tree" ] || \ read -r old_pjhash < "$XBMK_CACHE/hash/$project$tree" - fx_ "x_ sha512sum" "$datadir" "$configdir/$tree" "$mdir" \ + fx_ "x_ sha512sum" find "$datadir" "$configdir/$tree" "$mdir" \ -type f -not -path "*/.git*/*" | awk '{print $1}' > \ "$xbmktmp/project.hash" || err "!h $project $tree" @@ -370,10 +372,8 @@ check_defconfig() elfcheck() { - # TODO: very hacky check. do it properly (based on build.list) - for elftest in "$dest_dir"/*; do - [ -e "$elftest" ] && e "$elftest" f && return 1 - done; : + # TODO: *STILL* very hacky check. do it properly (based on build.list) + ( fx_ "exit 1" find "$dest_dir" -type f ) || return 1; : } handle_makefile() |