diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/git.sh | 20 | ||||
-rw-r--r-- | include/lib.sh | 102 | ||||
-rw-r--r-- | include/mrc.sh | 2 | ||||
-rw-r--r-- | include/rom.sh | 72 | ||||
-rw-r--r-- | include/vendor.sh | 607 |
5 files changed, 605 insertions, 198 deletions
diff --git a/include/git.sh b/include/git.sh index 2c43cd22..21a1f3b7 100644 --- a/include/git.sh +++ b/include/git.sh @@ -1,9 +1,9 @@ # SPDX-License-Identifier: GPL-3.0-or-later -# Copyright (c) 2020-2021,2023-2024 Leah Rowe <leah@libreboot.org> +# Copyright (c) 2020-2021,2023-2025 Leah Rowe <leah@libreboot.org> # Copyright (c) 2022 Caleb La Grange <thonkpeasant@protonmail.com> -eval `setvars "" loc url bkup_url subfile subhash subrepo subrepo_bkup \ - depend subfile_bkup repofail` +eval "`setvars "" loc url bkup_url subfile subhash subrepo subrepo_bkup \ + depend subfile_bkup repofail`" fetch_targets() { @@ -18,8 +18,8 @@ fetch_targets() fetch_project() { - eval `setvars "" xtree tree_depend` - eval `setcfg "config/git/$project/pkg.cfg"` + eval "`setvars "" xtree tree_depend`" + eval "`setcfg "config/git/$project/pkg.cfg"`" chkvars url @@ -71,7 +71,8 @@ prep_submodules() fetch_submodule() { mcfgdir="$mdir/${1##*/}" - eval `setvars "" subhash subrepo subrepo_bkup subfile subfile_bkup st` + eval "`setvars "" subhash subrepo subrepo_bkup subfile subfile_bkup \ + st`" [ ! -f "$mcfgdir/module.cfg" ] || . "$mcfgdir/module.cfg" || \ $err "! . $mcfgdir/module.cfg" @@ -91,10 +92,9 @@ fetch_submodule() "$mdir/${1##*/}/patches" } -livepull="n" tmpclone() { - [ "$repofail" = "y" ] && \ + livepull="n" && [ "$repofail" = "y" ] && \ printf "Cached clone failed; trying online.\n" 1>&2 && livepull="y" repofail="n" @@ -104,7 +104,7 @@ tmpclone() mkdir -p "$XBMK_CACHE/repo" || $err "!rmdir $XBMK_CACHE/repo" if [ "$livepull" = "y" ] && [ ! -d "$repodir" ]; then - git clone $1 "$repodir" || git clone $2 "$repodir" || \ + git clone "$1" "$repodir" || git clone $2 "$repodir" || \ $err "!clone $1 $2 $repodir $4 $5" # elif [ -d "$repodir" ] && [ $# -lt 6 ]; then git -C "$repodir" pull || sleep 3 || git -C "$repodir" pull \ @@ -116,7 +116,7 @@ tmpclone() git_am_patches "$3" "$5" ) || repofail="y" - [ "$repofail" = "y" ] && [ $# -lt 6 ] && tmpclone $@ retry + [ "$repofail" = "y" ] && [ $# -lt 6 ] && tmpclone "$@" retry [ "$repofail" = "y" ] && $err "!clone $1 $2 $3 $4 $5"; : } diff --git a/include/lib.sh b/include/lib.sh index c765f6b8..b43d83f3 100644 --- a/include/lib.sh +++ b/include/lib.sh @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-3.0-only # Copyright (c) 2022 Caleb La Grange <thonkpeasant@protonmail.com> # Copyright (c) 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> -# Copyright (c) 2020-2024 Leah Rowe <leah@libreboot.org> +# Copyright (c) 2020-2025 Leah Rowe <leah@libreboot.org> export LC_COLLATE=C export LC_ALL=C @@ -10,6 +10,7 @@ _ua="Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0" ifdtool="elf/ifdtool/default/ifdtool" cbfstool="elf/cbfstool/default/cbfstool" +rmodtool="elf/cbfstool/default/rmodtool" tmpgit="$PWD/tmp/gitclone" grubdata="config/data/grub" err="err_" @@ -22,23 +23,23 @@ err_() setvars() { _setvars="" && [ $# -lt 2 ] && $err "setvars: too few arguments" - val="$1" && shift 1 && for var in $@; do + val="$1" && shift 1 && for var in "$@"; do _setvars="$var=\"$val\"; $_setvars" done; printf "%s\n" "${_setvars% }" } chkvars() { - for var in $@; do - eval "[ -n "\${$var+x}" ] || \$err \"$var unset\"" - eval "[ -n "\$$var" ] || \$err \"$var unset\"" + for var in "$@"; do + eval "[ -n \"\${$var+x}\" ] || \$err \"$var unset\"" + eval "[ -n \"\$$var\" ] || \$err \"$var unset\"" done; return 0 } -eval `setvars "" _nogit board xbmk_parent versiondate projectsite projectname \ - aur_notice configdir datadir version relname` +eval "`setvars "" _nogit board reinstall versiondate projectsite projectname \ + aur_notice configdir datadir version relname xbmk_parent`" for fv in projectname projectsite version versiondate; do - eval "[ ! -f "$fv" ] || read -r $fv < \"$fv\" || :" + eval "[ ! -f \"$fv\" ] || read -r $fv < \"$fv\" || :" done; chkvars projectname projectsite setcfg() @@ -62,40 +63,72 @@ e() install_packages() { [ $# -lt 2 ] && $err "fewer than two arguments" - eval `setcfg "config/dependencies/$2"` + [ $# -gt 2 ] && reinstall="$3" + eval "`setcfg "config/dependencies/$2"`" + + chkvars pkg_add pkglist $pkg_add $pkglist || $err "Cannot install packages" [ -n "$aur_notice" ] && \ - printf "You need AUR packages: %s\n" "$aur_notice" 1>&2; return 0 + printf "You need AUR packages: %s\n" "$aur_notice" 1>&2; : } if [ $# -gt 0 ] && [ "$1" = "dependencies" ]; then - install_packages $@ || exit 1 + install_packages "$@" || exit 1 exit 0 fi +pyver="2" +python="python3" +command -v python3 1>/dev/null || python="python" +command -v $python 1>/dev/null || pyver="" +[ -z "$pyver" ] || \ + python -c 'import sys; print(sys.version_info[:])' 1>/dev/null \ + 2>/dev/null || $err "Cannot determine which Python version." +[ -n "$pyver" ] && \ + pyver="`python -c 'import sys; print(sys.version_info[:])' | \ + awk '{print $1}'`" && \ + pyver="${pyver#(}" && pyver="${pyver%,}" +if [ "${pyver%%.*}" != "3" ]; then + printf "Wrong python version, or python missing. Must be v 3.x.\n" 1>&2 + exit 1 +fi + id -u 1>/dev/null 2>/dev/null || $err "suid check failed (id -u)" [ "$(id -u)" != "0" ] || $err "this command as root is not permitted" +# XBMK_CACHE is a directory, for caching downloads and git repositories +[ -z "${XBMK_CACHE+x}" ] && export XBMK_CACHE="$PWD/cache" +[ -z "$XBMK_CACHE" ] && export XBMK_CACHE="$PWD/cache" +[ -L "$XBMK_CACHE" ] && [ "$XBMK_CACHE" = "$PWD/cache" ] && \ + $err "cachedir is default, $PWD/cache, but it exists and is a symlink" +[ -L "$XBMK_CACHE" ] && export XBMK_CACHE="$PWD/cache" +[ -f "$XBMK_CACHE" ] && $err "cachedir '$XBMK_CACHE' exists but it's a file" + +# unify all temporary files/directories in a single TMPDIR [ -z "${TMPDIR+x}" ] || [ "${TMPDIR%_*}" = "/tmp/xbmk" ] || unset TMPDIR [ -n "${TMPDIR+x}" ] && export TMPDIR="$TMPDIR" - if [ -z "${TMPDIR+x}" ]; then [ -f "lock" ] && $err "$PWD/lock exists. Is a build running?" export TMPDIR="/tmp" export TMPDIR="$(mktemp -d -t xbmk_XXXXXXXX)" touch lock || $err "cannot create 'lock' file" + rm -Rf "$XBMK_CACHE/xbmkpath" "$XBMK_CACHE/gnupath" || \ + $err "cannot remove xbmkpath" + mkdir -p "$XBMK_CACHE/gnupath" "$XBMK_CACHE/xbmkpath" || \ + $err "cannot create gnupath" + export PATH="$XBMK_CACHE/xbmkpath:$XBMK_CACHE/gnupath:$PATH" || \ + $err "Can't create gnupath/xbmkpath" + ( + # set up python v3.x in PATH, in case it's not set up correctly. + # see code above that detected the correct python3 command. + cd "$XBMK_CACHE/xbmkpath" || $err "can't cd $XBMK_CACHE/xbmkpath" + ln -s "`command -v "$python"`" python || \ + $err "Can't set up python symlink in $XBMK_CACHE/xbmkpath" + ) || $err "Can't set up python symlink in $XBMK_CACHE/xbmkpath" xbmk_parent="y" fi -# XBMK_CACHE is a directory, for caching downloads and git repositories -[ -z "${XBMK_CACHE+x}" ] && export XBMK_CACHE="$PWD/cache" -[ -z "$XBMK_CACHE" ] && export XBMK_CACHE="$PWD/cache" -[ -L "$XBMK_CACHE" ] && [ "$XBMK_CACHE" = "$PWD/cache" ] && \ - $err "cachedir is default, $PWD/cache, but it exists and is a symlink" -[ -L "$XBMK_CACHE" ] && export XBMK_CACHE="$PWD/cache" -[ -f "$XBMK_CACHE" ] && $err "cachedir '$XBMK_CACHE' exists but it's a file" - # if "y": a coreboot target won't be built if target.cfg says release="n" # (this is used to exclude certain build targets from releases) [ -z "${XBMK_RELEASE+x}" ] && export XBMK_RELEASE="n" @@ -106,7 +139,7 @@ expr "X$XBMK_THREADS" : "X-\{0,1\}[0123456789][0123456789]*$" \ 1>/dev/null 2>/dev/null || export XBMK_THREADS=1 # user gave a non-integer x_() { - [ $# -lt 1 ] || $@ || \ + [ $# -lt 1 ] || "$@" || \ $err "Unhandled non-zero exit: $(echo "$@")"; return 0 } @@ -152,11 +185,10 @@ mkrom_tarball() mktarball() { - [ "${2%/*}" = "$2" ] || \ + if [ "${2%/*}" != "$2" ]; then mkdir -p "${2%/*}" || $err "mk, !mkdir -p \"${2%/*}\"" - printf "\nCreating archive: %s\n\n" "$2" + fi tar -c "$1" | xz -T$XBMK_THREADS -9e > "$2" || $err "mktarball 2, $1" - mksha512sum "$2" "${2##*/}.sha512" } mksha512sum() @@ -185,8 +217,11 @@ singletree() done; return 0 } +# can grab from the internet, or copy locally. +# if copying locally, it can only copy a file. download() { + _dlop="curl" && [ $# -gt 4 ] && _dlop="$5" cached="$XBMK_CACHE/file/$4" dl_fail="n" # 1 url, 2 url backup, 3 destination, 4 checksum vendor_checksum "$4" "$cached" 2>/dev/null && dl_fail="y" @@ -197,8 +232,21 @@ download() [ "$dl_fail" = "n" ] && break [ -z "$url" ] && continue rm -f "$cached" || $err "!rm -f '$cached'" - curl --location --retry 3 -A "$_ua" "$url" -o "$cached" || \ - wget --tries 3 -U "$_ua" "$url" -O "$cached" || continue + if [ "$_dlop" = "curl" ]; then + curl --location --retry 3 -A "$_ua" "$url" \ + -o "$cached" || wget --tries 3 -U "$_ua" "$url" \ + -O "$cached" || continue + elif [ "$_dlop" = "copy" ]; then + [ -L "$url" ] && \ + printf "dl %s %s %s %s: '%s' is a symlink\n" \ + "$1" "$2" "$3" "$4" "$url" 1>&2 && continue + [ ! -f "$url" ] && \ + printf "dl %s %s %s %s: '%s' not a file\n" \ + "$1" "$2" "$3" "$4" "$url" 1>&2 && continue + cp "$url" "$cached" || continue + else + $err "$1 $2 $3 $4: Unsupported dlop type: '$_dlop'" + fi vendor_checksum "$4" "$cached" || dl_fail="n" done; [ "$dl_fail" = "y" ] && $err "$1 $2 $3 $4: not downloaded" [ "$cached" = "$3" ] || cp "$cached" "$3" || $err "!d cp $cached $3"; : @@ -235,7 +283,7 @@ cbfs() mk() { mk_flag="$1" || $err "No argument given" - shift 1 && for mk_arg in $@; do + shift 1 && for mk_arg in "$@"; do ./mk $mk_flag $mk_arg || $err "./mk $mk_flag $mk_arg"; : done; : } diff --git a/include/mrc.sh b/include/mrc.sh index 2e00d9f9..f5db2ff0 100644 --- a/include/mrc.sh +++ b/include/mrc.sh @@ -4,7 +4,7 @@ # Modifications in this version are Copyright 2021, 2023 and 2024 Leah Rowe. # Original copyright detailed in repo: https://review.coreboot.org/coreboot/ -eval `setvars "" MRC_url MRC_url_bkup MRC_hash MRC_board SHELLBALL` +eval "`setvars "" MRC_url MRC_url_bkup MRC_hash MRC_board SHELLBALL`" extract_mrc() { diff --git a/include/rom.sh b/include/rom.sh index f21b6302..3e8c9c9b 100644 --- a/include/rom.sh +++ b/include/rom.sh @@ -1,18 +1,30 @@ # SPDX-License-Identifier: GPL-3.0-or-later -# Copyright (c) 2014-2016,2020-2021,2023-2024 Leah Rowe <leah@libreboot.org> +# Copyright (c) 2014-2016,2020-2021,2023-2025 Leah Rowe <leah@libreboot.org> # Copyright (c) 2021-2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> # Copyright (c) 2022 Caleb La Grange <thonkpeasant@protonmail.com> # Copyright (c) 2022-2023 Alper Nebi Yasak <alpernebiyasak@gmail.com> -# Copyright (c) 2023 Riku Viitanen <riku.viitanen@protonmail.com> +# Copyright (c) 2023-2024 Riku Viitanen <riku.viitanen@protonmail.com> mkserprog() { + [ $# -lt 1 ] && $err "mkserprog: no arguments provided" [ "$_f" = "-d" ] && return 0 # dry run + + [ "$1" = "pico" ] && mkpicotool + basename -as .h "$serdir/"*.h > "$TMPDIR/ser" || $err "!mk $1 $TMPDIR" while read -r sertarget; do - [ "$1" = "rp2040" ] && x_ cmake -DPICO_BOARD="$sertarget" \ + [ "$1" = "pico" ] && + x_ rm -rf "$sersrc/build" \ + && (pt=$(x_ grep "pico_cmake_set" \ + "$picosdk/src/boards/include/boards/$sertarget.h" \ + | grep "PICO_PLATFORM" | cut -d= -f2 | tr -d [:blank:]) + mkdir -p "$sersrc/build_$pt" + ln -srf "$sersrc/build_$pt/" "$sersrc/build") \ + && x_ cmake -DPICO_BOARD="$sertarget" \ -DPICO_SDK_PATH="$picosdk" -B "$sersrc/build" "$sersrc" \ + -Dpicotool_DIR="$picotool/picotool" \ && x_ cmake --build "$sersrc/build" [ "$1" = "stm32" ] && x_ make -C "$sersrc" \ libopencm3-just-make BOARD=$sertarget && x_ make -C \ @@ -23,6 +35,18 @@ mkserprog() [ "$XBMK_RELEASE" = "y" ] && mkrom_tarball "bin/serprog_$1"; return 0 } +mkpicotool() +{ + rm -Rf "$picotool" || $err "Can't remove picotool builddir" + ( + x_ cd src/picotool + cmake -DCMAKE_INSTALL_PREFIX=xbmkbin -DPICOTOOL_FLAT_INSTALL=1 \ + -DPICO_SDK_PATH=../pico-sdk || \ + $err "Can't prep picotool" + make install || $err "Can't build picotool"; : + ) || $err "Can't build picotool"; : +} + copyps1bios() { x_ rm -Rf bin/playstation @@ -36,8 +60,8 @@ copyps1bios() mkpayload_grub() { - eval `setvars "" grub_modules grub_install_modules` - $dry eval `setcfg "$grubdata/module/$tree"` + eval "`setvars "" grub_modules grub_install_modules`" + $dry eval "`setcfg "$grubdata/module/$tree"`" $dry x_ rm -f "$srcdir/grub.elf"; $dry \ "$srcdir/grub-mkstandalone" --grub-mkimage="$srcdir/grub-mkimage" \ -O i386-coreboot -o "$srcdir/grub.elf" -d "${srcdir}/grub-core/" \ @@ -55,7 +79,7 @@ mkvendorfiles() printf "%s\n" "${version%%-*}" > "$srcdir/.coreboot-version" || \ $err "!mk $srcdir .coreboot-version" [ -z "$mode" ] && [ "$target" != "$tree" ] && \ - x_ ./vendor download $target; return 0 + x_ ./mk download "$target"; return 0 } cook_coreboot_config() @@ -77,10 +101,14 @@ check_coreboot_utils() utilmode="" && [ -n "$mode" ] && utilmode="clean" x_ make -C "$utilsrcdir" $utilmode -j$XBMK_THREADS $makeargs - [ -z "$mode" ] && [ ! -f "$utilelfdir/$util" ] && \ - x_ mkdir -p "$utilelfdir" && \ - x_ cp "$utilsrcdir/$util" "elf/$util/$1" - [ -z "$mode" ] || x_ rm -Rf "$utilelfdir"; continue + if [ -z "$mode" ] && [ ! -f "$utilelfdir/$util" ]; then + x_ mkdir -p "$utilelfdir" + x_ cp "$utilsrcdir/$util" "$utilelfdir" + [ "$util" = "cbfstool" ] || continue + x_ cp "$utilsrcdir/rmodtool" "$utilelfdir" + elif [ -n "$mode" ]; then + x_ rm -Rf "$utilelfdir" + fi; continue done; return 0 } @@ -102,7 +130,8 @@ mkcorebootbin() if [ "$payload_uboot_i386" = "y" ] || \ [ "$payload_uboot_amd64" = "y" ]; then - printf "'$target' has x86 U-Boot; assuming SeaBIOS=y\n" 1>&2 + printf "'%s' has x86 U-Boot; assuming SeaBIOS=y\n" \ + "$target" 1>&2 payload_seabios="y" fi @@ -193,10 +222,12 @@ mkseagrub() add_uboot() { if [ "$displaymode" = "txtmode" ]; then - printf "cb/$target: Cannot use U-Boot in text mode\n" 1>&2 + printf "cb/%s: Cannot use U-Boot in text mode\n" \ + "$target" 1>&2 return 0 elif [ "$initmode" = "normal" ]; then - printf "cb/$target: Cannot use U-Boot in normal initmode\n" 1>&2 + printf "cb/%s: Cannot use U-Boot in normal initmode\n" \ + "$target" 1>&2 return 0 fi @@ -244,15 +275,16 @@ cprom() x_ cp "$tmprom" "$newrom" && [ $# -gt 0 ] && [ "$1" != "seauboot" ] && \ cbfs "$newrom" "config/data/grub/keymap/$1" keymap.gkb raw [ $# -gt 0 ] && [ "$1" = "seauboot" ] && \ - cbfs "$newrom" "config/data/grub/bootorder_uboot" "bootorder" raw - - [ "$XBMK_RELEASE" = "y" ] || return 0 - $dry mksha512sum "$newrom" "vendorhashes"; $dry ./vendor inject \ - -r "$newrom" -b "$target" -n nuke || $err "!nuke $newrom" + cbfs "$newrom" "config/data/grub/bootorder_uboot" bootorder raw; : } mkcoreboottar() { - [ "$target" = "$tree" ] && return 0; [ "$XBMK_RELEASE" = "y" ] && \ - [ "$release" != "n" ] && $dry mkrom_tarball "bin/$target"; : + [ "$target" = "$tree" ] && return 0 + [ "$XBMK_RELEASE" = "y" ] || return 0 + [ "$release" != "n" ] || return 0 + $dry mkrom_tarball "bin/$target" + $dry ./mk inject "bin/${relname}_${target}.tar.xz" nuke || \ + $err "Can't delete vendorfiles in 'bin/${relname}_$target.tar.xz'" + return 0 } diff --git a/include/vendor.sh b/include/vendor.sh index d12d94e3..bde245d9 100644 --- a/include/vendor.sh +++ b/include/vendor.sh @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-3.0-only # Copyright (c) 2022 Caleb La Grange <thonkpeasant@protonmail.com> # Copyright (c) 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> -# Copyright (c) 2023-2024 Leah Rowe <leah@libreboot.org> +# Copyright (c) 2023-2025 Leah Rowe <leah@libreboot.org> e6400_unpack="$PWD/src/bios_extract/dell_inspiron_1100_unpacker.py" me7updateparser="$PWD/util/me7_update_parser/me7_update_parser.py" @@ -10,6 +10,11 @@ uefiextract="$PWD/elf/uefitool/uefiextract" vendir="vendorfiles" appdir="$vendir/app" cbcfgsdir="config/coreboot" +hashfiles="vendorhashes blobhashes" # blobhashes for backwards compatibility +dontflash="!!! AN ERROR OCCURED! Please DO NOT flash if injection failed. !!!" +vfix="DO_NOT_FLASH_YET._FIRST,_INJECT_FILES_VIA_INSTRUCTIONS_ON_LIBREBOOT.ORG_" +vguide="https://libreboot.org/docs/install/ivy_has_common.html" +tmpromdel="$PWD/tmp/DO_NOT_FLASH" cv="CONFIG_HAVE_ME_BIN CONFIG_ME_BIN_PATH CONFIG_INCLUDE_SMSC_SCH5545_EC_FW \ CONFIG_SMSC_SCH5545_EC_FW_FILE CONFIG_KBC1126_FIRMWARE CONFIG_KBC1126_FW1 \ @@ -17,16 +22,19 @@ cv="CONFIG_HAVE_ME_BIN CONFIG_ME_BIN_PATH CONFIG_INCLUDE_SMSC_SCH5545_EC_FW \ CONFIG_VGA_BIOS_FILE CONFIG_VGA_BIOS_ID CONFIG_BOARD_DELL_E6400 \ CONFIG_HAVE_MRC CONFIG_MRC_FILE CONFIG_HAVE_REFCODE_BLOB \ CONFIG_REFCODE_BLOB_FILE CONFIG_GBE_BIN_PATH CONFIG_IFD_BIN_PATH \ - CONFIG_LENOVO_TBFW_BIN" + CONFIG_LENOVO_TBFW_BIN CONFIG_FSP_FD_PATH CONFIG_FSP_M_FILE \ + CONFIG_FSP_S_FILE CONFIG_FSP_S_CBFS CONFIG_FSP_M_CBFS CONFIG_FSP_USE_REPO \ + CONFIG_FSP_FULL_FD" -eval `setvars "" EC_url_bkup EC_hash DL_hash DL_url_bkup MRC_refcode_gbe vcfg \ +eval "`setvars "" has_hashes EC_hash DL_hash DL_url_bkup MRC_refcode_gbe vcfg \ E6400_VGA_DL_hash E6400_VGA_DL_url E6400_VGA_DL_url_bkup E6400_VGA_offset \ E6400_VGA_romname SCH5545EC_DL_url_bkup SCH5545EC_DL_hash _dest tree \ mecleaner kbc1126_ec_dump MRC_refcode_cbtree new_mac _dl SCH5545EC_DL_url \ - archive EC_url boarddir rom cbdir DL_url nukemode cbfstoolref vrelease \ - verify _7ztest ME11bootguard ME11delta ME11version ME11sku ME11pch \ + archive EC_url boarddir rom cbdir DL_url nukemode cbfstoolref FSPFD_hash \ + _7ztest ME11bootguard ME11delta ME11version ME11sku ME11pch tmpromdir \ IFD_platform ifdprefix cdir sdir _me _metmp mfs TBFW_url_bkup TBFW_url \ - TBFW_hash TBFW_size $cv` + TBFW_hash TBFW_size hashfile xromsize xchanged EC_url_bkup need_files \ + vfile $cv`" vendor_download() { @@ -38,27 +46,27 @@ readkconfig() { check_defconfig "$boarddir" 1>"$TMPDIR/vendorcfg.list" && return 1 - rm -f "$TMPDIR/tmpcbcfg" || $err "!rm -f \"$TMPDIR/tmpcbcfg\"" + rm -f "$TMPDIR/tmpcbcfg" || $err "!rm $TMPDIR/tmpcbcfg - $dontflash" while read -r cbcfgfile; do for cbc in $cv; do rm -f "$TMPDIR/tmpcbcfg2" || \ - $err "!rm $TMPDIR/tmpcbcfg2" + $err "!rm $TMPDIR/tmpcbcfg2 - $dontflash" grep "$cbc" "$cbcfgfile" 1>"$TMPDIR/tmpcbcfg2" \ 2>/dev/null || : [ -f "$TMPDIR/tmpcbcfg2" ] || continue cat "$TMPDIR/tmpcbcfg2" >> "$TMPDIR/tmpcbcfg" || \ - $err "!cat $TMPDIR/tmpcbcfg2" + $err "!cat $TMPDIR/tmpcbcfg2 - $dontflash" done done < "$TMPDIR/vendorcfg.list" - eval `setcfg "$TMPDIR/tmpcbcfg"` + eval "`setcfg "$TMPDIR/tmpcbcfg"`" for c in CONFIG_HAVE_MRC CONFIG_HAVE_ME_BIN CONFIG_KBC1126_FIRMWARE \ CONFIG_VGA_BIOS_FILE CONFIG_INCLUDE_SMSC_SCH5545_EC_FW \ - CONFIG_LENOVO_TBFW_BIN; do + CONFIG_LENOVO_TBFW_BIN CONFIG_FSP_M_FILE CONFIG_FSP_S_FILE; do eval "[ \"\${$c}\" = \"/dev/null\" ] && continue" eval "[ -z \"\${$c}\" ] && continue" - eval `setcfg "config/vendor/$vcfg/pkg.cfg"`; return 0 + eval "`setcfg "$vfile"`"; return 0 done printf "Vendor files not needed for: %s\n" "$board" 1>&2; return 1 } @@ -70,7 +78,7 @@ bootstrap() [ -d "${kbc1126_ec_dump%/*}" ] && x_ make -C "$cbdir/util/kbc1126" [ -n "$MRC_refcode_cbtree" ] && \ cbfstoolref="elf/cbfstool/$MRC_refcode_cbtree/cbfstool" && \ - x_ ./mk -d coreboot $MRC_refcode_cbtree; return 0 + x_ ./mk -d coreboot "$MRC_refcode_cbtree"; return 0 } getfiles() @@ -87,30 +95,50 @@ getfiles() [ -z "$CONFIG_HAVE_MRC" ] || fetch "mrc" "$MRC_url" "$MRC_url_bkup" \ "$MRC_hash" "$CONFIG_MRC_FILE" [ -z "$CONFIG_LENOVO_TBFW_BIN" ] || fetch "tbfw" "$TBFW_url" \ - "$TBFW_url_bkup" "$TBFW_hash" "$CONFIG_LENOVO_TBFW_BIN"; return 0 + "$TBFW_url_bkup" "$TBFW_hash" "$CONFIG_LENOVO_TBFW_BIN" + # + # in the future, we might have libre fsp-s and then fsp-m. + # therefore, handle them separately, in case one of them is libre; if + # one of them was, the path wouldn't be set. + # + [ -z "$CONFIG_FSP_M_FILE" ] || fetch "fspm" "$CONFIG_FSP_FD_PATH" \ + "$CONFIG_FSP_FD_PATH" "$FSPFD_hash" "$CONFIG_FSP_M_FILE" copy + [ -z "$CONFIG_FSP_S_FILE" ] || fetch "fsps" "$CONFIG_FSP_FD_PATH" \ + "$CONFIG_FSP_FD_PATH" "$FSPFD_hash" "$CONFIG_FSP_S_FILE" copy; : } fetch() { dl_type="$1"; dl="$2"; dl_bkup="$3"; dlsum="$4"; _dest="${5##*../}" [ "$5" = "/dev/null" ] && return 0; _dl="$XBMK_CACHE/file/$dlsum" + if [ "$dl_type" = "fspm" ] || [ "$dl_type" = "fsps" ]; then + # HACK: if grabbing fsp from coreboot, fix the path for lbmk + for _cdl in dl dl_bkup; do + eval "$_cdl=\"\${$_cdl##*../}\"; _cdp=\"\$$_cdl\"" + [ -f "$_cdp" ] || _cdp="$cbdir/$_cdp" + [ -f "$_cdp" ] && eval "$_cdl=\"$_cdp\"" + done + fi - download "$dl" "$dl_bkup" "$_dl" "$dlsum" + dlop="curl" && [ $# -gt 5 ] && dlop="$6" + download "$dl" "$dl_bkup" "$_dl" "$dlsum" "$dlop" - rm -Rf "${_dl}_extracted" || $err "!rm -Rf ${_ul}_extracted" + rm -Rf "${_dl}_extracted" || $err "!rm ${_ul}_extracted. $dontflash" e "$_dest" f && return 0 - mkdir -p "${_dest%/*}" || $err "mkdirs: !mkdir -p ${_dest%/*}" - remkdir "$appdir"; extract_archive "$_dl" "$appdir" || \ - [ "$dl_type" = "e6400vga" ] || $err "mkd $_dest $dl_type: !extract" + mkdir -p "${_dest%/*}" || \ + $err "mkdirs: !mkdir -p ${_dest%/*} - $dontflash" + remkdir "$appdir"; extract_archive "$_dl" "$appdir" "$dl_type" || \ + [ "$dl_type" = "e6400vga" ] || \ + $err "mkd $_dest $dl_type: !extract. $dontflash" eval "extract_$dl_type"; set -u -e - e "$_dest" f missing && $err "!extract_$dl_type"; : + e "$_dest" f missing && $err "!extract_$dl_type. $dontflash"; : } extract_intel_me() { - e "$mecleaner" f not && $err "$cbdir: me_cleaner missing" + e "$mecleaner" f not && $err "$cbdir: me_cleaner missing. $dontflash" cdir="$PWD/$appdir" _me="$PWD/$_dest" @@ -126,7 +154,7 @@ extract_intel_me() if [ "$ME11bootguard" = "y" ]; then apply_me11_deguard_mod else - mv "$_metmp" "$_me" || $err "!mv $_metmp" "$_me" + mv "$_metmp" "$_me" || $err "!mv $_metmp $_me - $dontflash" fi } @@ -137,12 +165,13 @@ extract_intel_me_bruteforce() e "$_metmp" f && return 0 [ -z "$sdir" ] && sdir="$(mktemp -d)" - mkdir -p "$sdir" || $err "extract_intel_me: !mkdir -p \"$sdir\"" + mkdir -p "$sdir" || \ + $err "extract_intel_me: !mkdir -p \"$sdir\" - $dontflash" set +u +e ( [ "${cdir#/a}" != "$cdir" ] && cdir="${cdir#/}" - cd "$cdir" || $err "extract_intel_me: !cd \"$cdir\"" + cd "$cdir" || $err "extract_intel_me: !cd \"$cdir\" - $dontflash" for i in *; do [ -f "$_metmp" ] && break [ -L "$i" ] && continue @@ -164,7 +193,7 @@ extract_intel_me_bruteforce() cd "$cdir" || : done ) - rm -Rf "$sdir" || $err "extract_intel_me: !rm -Rf $sdir" + rm -Rf "$sdir" || $err "extract_intel_me: !rm -Rf $sdir - $dontflash" } apply_me11_deguard_mod() @@ -175,37 +204,61 @@ apply_me11_deguard_mod() --version "$ME11version" \ --pch "$ME11pch" --sku "$ME11sku" --fake-fpfs data/fpfs/zero \ --input "$_metmp" --output "$_me" || \ - $err "Error running deguard for $_me" - ) || $err "Error running deguard for $_me" + $err "Error running deguard for $_me - $dontflash" + ) || $err "Error running deguard for $_me - $dontflash" } extract_archive() { + if [ $# -gt 2 ]; then + if [ "$3" = "fspm" ] || [ "$3" = "fsps" ]; then + decat_fspfd "$1" "$2" + return 0 + fi + fi + innoextract "$1" -d "$2" || python "$pfs_extract" "$1" -e || 7z x \ "$1" -o"$2" || unar "$1" -o "$2" || unzip "$1" -d "$2" || return 1 [ ! -d "${_dl}_extracted" ] || cp -R "${_dl}_extracted" "$2" || \ - $err "!mv '${_dl}_extracted' '$2'"; : + $err "!mv '${_dl}_extracted' '$2' - $dontflash"; : +} + +decat_fspfd() +{ + _fspfd="$1" + _fspdir="$2" + _fspsplit="$cbdir/3rdparty/fsp/Tools/SplitFspBin.py" + + $python "$_fspsplit" split -f "$_fspfd" -o "$_fspdir" -n "Fsp.fd" || \ + $err "decat_fspfd '$1' '$2': Can't de-concatenate; $dontflash"; : } extract_kbc1126ec() { - e "$kbc1126_ec_dump" f missing && $err "$cbdir: kbc1126 util missing" + e "$kbc1126_ec_dump" f missing && \ + $err "$cbdir: kbc1126 util missing - $dontflash" ( x_ cd "$appdir/"; mv Rompaq/68*.BIN ec.bin || : if [ ! -f "ec.bin" ]; then unar -D ROM.CAB Rom.bin || unar -D Rom.CAB Rom.bin || \ - unar -D 68*.CAB Rom.bin || $err "can't extract Rom.bin" + unar -D 68*.CAB Rom.bin || \ + $err "can't extract Rom.bin - $dontflash" x_ mv Rom.bin ec.bin fi - [ -f ec.bin ] || $err "extract_kbc1126_ec $board: can't extract" - "$kbc1126_ec_dump" ec.bin || $err "!1126ec $board extract ecfw" - ) || $err "can't extract kbc1126 ec firmware" - - e "$appdir/ec.bin.fw1" f not && $err "$board: kbc1126ec fetch failed" - e "$appdir/ec.bin.fw2" f not && $err "$board: kbc1126ec fetch failed" - - cp "$appdir/"ec.bin.fw* "${_dest%/*}/" || $err "!cp 1126ec $_dest" + [ -f ec.bin ] || \ + $err "extract_kbc1126_ec $board: can't extract - $dontflash" + "$kbc1126_ec_dump" ec.bin || \ + $err "!1126ec $board extract ecfw - $dontflash" + ) || $err "can't extract kbc1126 ec firmware - $dontflash" + + e "$appdir/ec.bin.fw1" f not && \ + $err "$board: kbc1126ec fetch failed - $dontflash" + e "$appdir/ec.bin.fw2" f not && \ + $err "$board: kbc1126ec fetch failed - $dontflash" + + cp "$appdir/"ec.bin.fw* "${_dest%/*}/" || \ + $err "!cp 1126ec $_dest - $dontflash"; : } extract_e6400vga() @@ -215,11 +268,12 @@ extract_e6400vga() tail -c +$E6400_VGA_offset "$_dl" | gunzip > "$appdir/bios.bin" || : ( x_ cd "$appdir" - [ -f "bios.bin" ] || $err "extract_e6400vga: can't extract bios.bin" + [ -f "bios.bin" ] || \ + $err "extract_e6400vga: can't extract bios.bin - $dontflash" "$e6400_unpack" bios.bin || printf "TODO: fix dell extract util\n" - ) || $err "can't extract e6400 vga rom" + ) || $err "can't extract e6400 vga rom - $dontflosh" cp "$appdir/$E6400_VGA_romname" "$_dest" || \ - $err "extract_e6400vga $board: can't copy vga rom to $_dest" + $err "extract_e6400vga $board: can't cp $_dest - $dontflash"; : } extract_sch5545ec() @@ -231,8 +285,9 @@ extract_sch5545ec() _sch5545ec_fw="$_sch5545ec_fw/54 D386BEB8-4B54-4E69-94F5-06091F67E0D3" _sch5545ec_fw="$_sch5545ec_fw/0 Raw section/body.bin" # <-- this! - "$uefiextract" "$_bios" || $err "sch5545 !extract" - cp "$_sch5545ec_fw" "$_dest" || $err "$_dest: !sch5545 copy" + "$uefiextract" "$_bios" || $err "sch5545 !extract - $dontflash" + cp "$_sch5545ec_fw" "$_dest" || \ + $err "$_dest: !sch5545 copy - $dontflash"; : } # Lenovo ThunderBolt firmware updates: @@ -243,135 +298,345 @@ extract_tbfw() x_ mkdir -p tmp x_ rm -f tmp/tb.bin find "$appdir" -type f -name "TBT.bin" > "tmp/tb.txt" || \ - $err "extract_tbfw $_dest: Can't extract TBT.bin" + $err "extract_tbfw $_dest: Can't extract TBT.bin - $dontflash" while read -r f; do [ -f "$f" ] || continue [ -L "$f" ] && continue cp "$f" "tmp/tb.bin" || \ - $err "extract_tbfw $_dest: Can't copy TBT.bin" + $err "extract_tbfw $_dest: Can't copy TBT.bin - $dontflash" break done < "tmp/tb.txt" dd if=/dev/null of=tmp/tb.bin bs=1 seek=$TBFW_size || \ - $err "extract_tbfw $_dest: Can't pad TBT.bin" - cp "tmp/tb.bin" "$_dest" || $err "extract_tbfw $_dest: copy error"; : + $err "extract_tbfw $_dest: Can't pad TBT.bin - $dontflash" + cp "tmp/tb.bin" "$_dest" || \ + $err "extract_tbfw $_dest: copy error - $dontflash "; : } -vendor_inject() +extract_fspm() { - set +u +e; [ $# -lt 1 ] && $err "No options specified." - [ "$1" = "listboards" ] && eval "ls -1 config/coreboot || :; return 0" - - archive="$1"; while getopts n:r:b:m: option; do - case "$option" in - n) nukemode="$OPTARG" ;; - r) rom="$OPTARG" ;; - b) board="$OPTARG" ;; - m) new_mac="$OPTARG"; chkvars new_mac ;; - *) : ;; - esac - done + copy_fsp M; : +} - check_board || return 0 - [ "$nukemode" = "nuke" ] || x_ ./vendor download $board - if [ "$vrelease" = "y" ]; then - patch_release_roms - else - patch_rom "$rom" || : - fi; : +extract_fsps() +{ + copy_fsp S; : } -check_board() +# this copies the fsp s/m; re-base is handled by ./mk inject +copy_fsp() { - failcheck="y" && check_release "$archive" && failcheck="n" - if [ "$failcheck" = "y" ]; then - [ -f "$rom" ] || $err "check_board \"$rom\": invalid path" - [ -z "${rom+x}" ] && $err "check_board: no rom specified" - [ -n "${board+x}" ] || board="$(detect_board "$rom")" - else - vrelease="y"; board="$(detect_board "$archive")" - fi - readcfg || return 1; return 0 + cp "$appdir/Fsp_$1.fd" "$_dest" || \ + $err "copy_fsp: Can't copy $1 to $_dest - $dontflash"; : } -check_release() +fail_inject() { - [ -f "$archive" ] || return 1 - [ "${archive##*.}" = "xz" ] || return 1 - printf "%s\n" "Release archive $archive detected" + [ -L "$tmpromdel" ] || [ ! -d "$tmpromdel" ] || \ + rm -Rf "$tmpromdel" || : + printf "\n\n%s\n\n" "$dontflash" 1>&2 + printf "WARNING: File '%s' was NOT modified.\n\n" "$archive" 1>&2 + printf "Please MAKE SURE vendor files are inserted before flashing\n\n" + fail "$1" +} + +vendor_inject() +{ + need_files="n" # will be set to "y" if vendorfiles needed + _olderr="$err" + err="fail_inject" + remkdir "$tmpromdel" + + set +u +e; [ $# -lt 1 ] && $err "No options specified. - $dontflash" + eval "`setvars "" nukemode new_mac xchanged`" + + # randomise the MAC address by default + # TODO: support setting CBFS MAC address for GA-G41M-ES2L + new_mac="??:??:??:??:??:??" + + archive="$1"; + [ $# -gt 1 ] && case "$2" in + nuke) + new_mac="" + nukemode="nuke" ;; + setmac) + [ $# -gt 2 ] && new_mac="$3" && \ + [ -z "$new_mac" ] && $err \ + "You set an empty MAC address string" ;; + *) $err "Unrecognised inject mode: '$2'" + esac + + # allow the user to skip setting MAC addresses. + # if new_mac is empty, this script skips running nvmutil + [ "$new_mac" = "keep" ] && new_mac="" + + # we don't allow the *user* to clear new_mac, in the setmac + # command, in case the build system is being integrated with + # another, where setmac is relied upon and is being set + # explicitly. this is a preventative error handle, as a courtes + # to that hypothetical user e.g. Linux distro package maintainer + # integrating this build system into their distro. if they used + # a variable for that, and they forgot to initialise it, they'll know. + + check_release "$archive" || \ + $err "You must run this script on a release archive. - $dontflash" + + [ "$new_mac" = "restore" ] && \ + printf "Restoring default GbE for '$archive', board '$board'\n" + + readcfg && need_files="y" + if [ "$need_files" = "y" ] || [ -n "$new_mac" ]; then + [ "$nukemode" = "nuke" ] || x_ ./mk download "$board" + patch_release_roms + fi + [ "$need_files" != "y" ] && printf \ + "\nTarball '%s' (board '%s) doesn't need vendorfiles.\n" \ + "$archive" "$board" 1>&2 + + xtype="patched" && [ "$nukemode" = "nuke" ] && xtype="nuked" + [ "$xchanged" != "y" ] && \ + printf "\nRelease archive '%s' was *NOT* modified.\n" \ + "$archive" && [ "$has_hashes" = "y" ] && \ + printf "WARNING: '%s' contains '%s'. DO NOT FLASH!\n" \ + "$archive" "$hashfile" 1>&2 && \ + printf "(vendorfiles may be needed and aren't there)\n" \ + 1>&2 + [ "$xchanged" = "y" ] && \ + printf "\nRelease archive '%s' successfully %s.\n" \ + "$archive" "$xtype" && [ "$nukemode" != "nuke" ] && \ + printf "You may now extract '%s' and flash images from it.\n" \ + "$archive" + [ "$xchanged" = "y" ] && [ "$nukemode" = "nuke" ] && \ + printf "WARNING! Vendorfiles *removed*. DO NOT FLASH.\n" 1>&2 \ + && printf "DO NOT flash images from '%s'\n" \ + "$archive" 1>&2 + + [ "$need_files" = "n" ] && printf \ + "Board '%s' doesn't use vendorfiles, so none were inserted.\n" \ + "$board" + + # + # catch-all error handler, for libreboot release opsec: + # + # if vendor files defined, and a hash file was missing, that means + # a nuke must succeed, if specified. if no hashfile was present, + # that means vendorfiles had been injected, so a nuke must succeed. + # this check is here in case of future bugs in lbmk's handling + # of vendorfile deletions on release archives, which absolutely + # must always be 100% reliable, so paranoia is paramount: + # + if [ "$xchanged" != "y" ] && [ "$need_files" = "y" ] && \ + [ "$nukemode" = "nuke" ] && [ "$has_hashes" != "y" ]; then + printf "FAILED NUKE: tarball '$archive', board '$board'\n" 1>&2 + $err "Unhandled vendorfile deletion: DO NOT RELEASE TO RSYNC" + fi # of course, we assume that those variables are also set right + + err="$_olderr" + return 0 } -# This function tries to determine the board from the filename of the rom. -# It will only succeed if the filename is not changed from the build/download -detect_board() +check_release() { - path="$1"; filename="$(basename "$path")" - case "$filename" in - grub_*|seagrub_*|custom_*) - board="$(echo "$filename" | cut -d '_' -f2-3)" ;; - seabios_withgrub_*) - board="$(echo "$filename" | cut -d '_' -f3-4)" ;; - *.tar.xz) _stripped_prefix="${filename#*_}" + [ -L "$archive" ] && \ + $err "'$archive' is a symlink, not a file - $dontflash" + [ -f "$archive" ] || return 1 + archivename="`basename "$archive"`" + [ -z "$archivename" ] && \ + $err "Cannot determine archive file name - $dontflash" + + case "$archivename" in + *_src.tar.xz) + $err "'$archive' is a src archive, silly!" ;; + grub_*|seagrub_*|custom_*|seauboot_*|seabios_withgrub_*) + return 1 ;; + *.tar.xz) _stripped_prefix="${archivename#*_}" board="${_stripped_prefix%.tar.xz}" ;; - *) $err "detect_board $filename: could not detect board type" - esac; printf "%s\n" "$board" + *) $err "'$archive': could not detect board type - $dontflash" + esac; : } readcfg() { if [ "$board" = "serprog_rp2040" ] || \ - [ "$board" = "serprog_stm32" ]; then + [ "$board" = "serprog_stm32" ] || \ + [ "$board" = "serprog_pico" ]; then return 1 - fi; boarddir="$cbcfgsdir/$board" - eval `setcfg "$boarddir/target.cfg"`; chkvars vcfg tree + fi + boarddir="$cbcfgsdir/$board" + + eval "`setcfg "$boarddir/target.cfg"`" + chkvars tree + x_ ./mk -d coreboot "$tree" # even if vendorfiles not used, see: setmac + + [ -z "$vcfg" ] && return 1 + vfile="config/vendor/$vcfg/pkg.cfg" + [ -L "$vfile" ] && $err "'$archive', '$board': $vfile is a symlink" + [ -f "$vfile" ] || $err "'$archive', '$board': $vfile doesn't exist" cbdir="src/coreboot/$tree" cbfstool="elf/cbfstool/$tree/cbfstool" + rmodtool="elf/cbfstool/$tree/rmodtool" mecleaner="$PWD/$cbdir/util/me_cleaner/me_cleaner.py" kbc1126_ec_dump="$PWD/$cbdir/util/kbc1126/kbc1126_ec_dump" cbfstool="elf/cbfstool/$tree/cbfstool" ifdtool="elf/ifdtool/$tree/ifdtool" - [ -n "$IFD_platform" ] && ifdprefix="-p $IFD_platform" - - x_ ./mk -d coreboot $tree + [ -n "$IFD_platform" ] && ifdprefix="-p $IFD_platform"; : } patch_release_roms() { - remkdir "tmp/romdir"; tar -xf "$archive" -C "tmp/romdir" || \ - $err "patch_release_roms: !tar -xf \"$archive\" -C \"tmp/romdir\"" - - for x in "tmp/romdir/bin/"*/*.rom ; do - patch_rom "$x" || return 0 + has_hashes="n" + + tmpromdir="tmp/DO_NOT_FLASH/bin/$board" + remkdir "${tmpromdir%"/bin/$board"}" + tar -xf "$archive" -C "${tmpromdir%"/bin/$board"}" || \ + $err "Can't extract '$archive'" + + for _hashes in $hashfiles; do + [ -L "$tmpromdir/$_hashes" ] && \ + $err "'$archive' -> the hashfile is a symlink. $dontflash" + [ -f "$tmpromdir/$_hashes" ] && has_hashes="y" && \ + hashfile="$_hashes" && break; : done - ( - cd "tmp/romdir/bin/"* || $err "patch roms: !cd tmp/romdir/bin/*" + x_ mkdir -p "tmp"; [ -L "tmp/rom.list" ] && \ + $err "'$archive' -> tmp/rom.list is a symlink - $dontflash" + x_ rm -f "tmp/rom.list" "tmp/zero.1b" + x_ dd if=/dev/zero of=tmp/zero.1b bs=1 count=1 + + find "$tmpromdir" -maxdepth 1 -type f -name "*.rom" > "tmp/rom.list" \ + || $err "'$archive' -> Can't make tmp/rom.list - $dontflash" + + if readkconfig; then + while read -r _xrom ; do + process_release_rom "$_xrom" || break + done < "tmp/rom.list" + rm -f "$tmpromdir/README.md" || : + [ "$nukemode" != "nuke" ] || \ + printf "Make sure you inserted vendor files: %s\n" \ + "$vguide" > "$tmpromdir/README.md" || : + else + printf "Skipping vendorfiles on '%s'\n" "$archive" 1>&2 + fi + ( + cd "$tmpromdir" || $err "patch '$archive': can't cd $tmpromdir" # NOTE: For compatibility with older rom releases, defer to sha1 - [ "$verify" != "y" ] || [ "$nukemode" = "nuke" ] || \ - sha512sum --status -c vendorhashes || \ - sha1sum --status -c vendorhashes || sha512sum --status -c \ - blobhashes || sha1sum --status -c blobhashes || \ - $err "patch_release_roms: ROMs did not match expected hashes" - ) || $err "can't verify vendor hashes" - - [ -n "$new_mac" ] && for x in "tmp/romdir/bin/"*/*.rom ; do - [ -f "$x" ] && modify_gbe "$x" - done + if [ "$has_hashes" = "y" ] && [ "$nukemode" != "nuke" ]; then + sha512sum --status -c "$hashfile" || \ + sha1sum --status -c "$hashfile" || \ + $err "'$archive' -> Can't verify vendor hashes. $dontflash" + rm -f "$hashfile" || \ + $err "$archive: Can't rm hashfile. $dontflash" + fi + ) || $err "'$archive' -> Can't verify vendor hashes. $dontflash" + + if [ -n "$new_mac" ]; then + if ! modify_mac_addresses; then + printf "\nNo GbE region defined for '%s'\n" "$board" \ + 1>&2 + printf "Therefore, changing the MAC is impossible.\n" \ + 1>&2 + printf "This board probably lacks Intel ethernet.\n" \ + 1>&2 + printf "(or it's pre-IFD Intel with Intel GbE NIC)\n" \ + 1>&2 + fi + fi + + [ "$xchanged" = "y" ] || rm -Rf "$tmpromdel" || : + [ "$xchanged" = "y" ] || return 0 + ( + cd "${tmpromdir%"/bin/$board"}" || \ + $err "Can't cd '${tmpromdir%"/bin/$board"}'; $dontflash" + # ../../ is the root of lbmk + mkrom_tarball "bin/$board" + ) || $err "Cannot re-generate '$archive' - $dontflash" + + mv "${tmpromdir%"/bin/$board"}/bin/${relname}_${board}.tar.xz" \ + "$archive" || \ + $err "'$archive' -> Cannot overwrite - $dontflash"; : +} + +process_release_rom() +{ + _xrom="$1"; _xromname="${1##*/}" + [ -L "$_xrom" ] && \ + $err "$archive -> '${_xrom#"tmp/DO_NOT_FLASH/"}' is a symlink" + [ -f "$_xrom" ] || return 0 + + [ -z "${_xromname#"$vfix"}" ] && \ + $err "'$_xromname'->'"${_xromname#"$vfix"}"' empty. $dontflash" + # Remove the prefix and 1-byte pad + if [ "$nukemode" != "nuke" ] && \ + [ "${_xromname#"$vfix"}" != "$_xromname" ]; then + _xromnew="${_xrom%/*}/${_xromname#"$vfix"}" + + # Remove the 1-byte padding + stat -c '%s' "$_xrom" > "tmp/rom.size" || \ + $err "$_xrom: Can't get rom size. $dontflash" + read -r xromsize < "tmp/rom.size" || \ + $err "$_xrom: Can't read rom size. $dontflash" + + expr "X$xromsize" : "X-\{0,1\}[0123456789][0123456789]*$" \ + 1>/dev/null 2>/dev/null || $err "$_xrom size non-integer" + [ $xromsize -lt 2 ] && $err \ + "$_xrom: Will not create empty file. $dontflash" + + # TODO: check whether the size would be a multiple of 64KB + # the smallest rom images we do are 512kb + xromsize="`expr $xromsize - 1`" + [ $xromsize -lt 524288 ] && \ + $err "$_xrom size too small; likely not a rom. $dontflash" + + dd if="$_xrom" of="$_xromnew" bs=$xromsize count=1 || \ + $err "$_xrom: Can't resize. $dontflash" + rm -f "$_xrom" || $err "Can't rm $_xrom - $dontflash" + + _xrom="$_xromnew" + fi + + [ "$nukemode" = "nuke" ] && \ + mksha512sum "$_xrom" "vendorhashes" + + patch_rom "$_xrom" || return 1 # if break return, can still change MAC + [ "$nukemode" != "nuke" ] && return 0 - x_ mkdir -p bin/release - mv tmp/romdir/bin/* bin/release/ || $err "$board: !mv release roms" + # Rename the file, prefixing a warning saying not to flash + # the target image, which now has vendor files removed. Also + # pad it so that flashprog returns an error if the user tries + # to flash it, due to mismatching ROM size vs chip size + cat "$_xrom" tmp/zero.1b > "${_xrom%/*}/$vfix${_xrom##*/}" || \ + $err "'$archive' -> can't pad/rename '$_xrom'. $dontflash" + rm -f "$_xrom" || $err "'$archive' -> can't rm '$_xrom'. $dontflash" } patch_rom() { rom="$1" - readkconfig || return 1 - [ "$CONFIG_HAVE_MRC" = "y" ] && inject "mrc.bin" "$CONFIG_MRC_FILE" \ - "mrc" "0xfffa0000" + # regarding ifs below: + # if a hash file exists, we only want to allow inject. + # if a hash file is missing, we only want to allow nuke. + # this logical rule prevents double-nuke and double-inject + + # if injecting without a hash file i.e. inject what was injected + # (or inject where no vendor files are needed, covered previously) + if [ "$has_hashes" != "y" ] && [ "$nukemode" != "nuke" ]; then + printf "inject: '%s' has no hash file. Skipping.\n" \ + "$archive" 1>&2 + return 1 + fi + # nuking *with* a hash file, i.e. nuking what was nuked before + if [ "$has_hashes" = "y" ] && [ "$nukemode" = "nuke" ]; then + printf "inject nuke: '%s' has a hash file. Skipping nuke.\n" \ + "$archive" 1>&2 + return 1 + fi + [ -n "$CONFIG_HAVE_REFCODE_BLOB" ] && inject "fallback/refcode" \ "$CONFIG_REFCODE_BLOB_FILE" "stage" + [ "$CONFIG_HAVE_MRC" = "y" ] && inject "mrc.bin" "$CONFIG_MRC_FILE" \ + "mrc" "0xfffa0000" [ "$CONFIG_HAVE_ME_BIN" = "y" ] && inject IFD "$CONFIG_ME_BIN_PATH" me [ "$CONFIG_KBC1126_FIRMWARE" = "y" ] && inject ecfw1.bin \ "$CONFIG_KBC1126_FW1" raw "$CONFIG_KBC1126_FW1_OFFSET" && inject \ @@ -381,21 +646,44 @@ patch_rom() [ "$CONFIG_INCLUDE_SMSC_SCH5545_EC_FW" = "y" ] && \ [ -n "$CONFIG_SMSC_SCH5545_EC_FW_FILE" ] && \ inject sch5545_ecfw.bin "$CONFIG_SMSC_SCH5545_EC_FW_FILE" raw - [ -n "$new_mac" ] && [ "$vrelease" != "y" ] && modify_gbe "$rom" + # + # coreboot adds FSP-M first. so we shall add it first, then S: + # NOTE: + # We skip the fetch if CONFIG_FSP_USE_REPO or CONFIG_FSP_FULL_FD is set + # but only for inject/nuke. we still run fetch (see above) because on + # _fsp targets, coreboot still needs them, but coreboot Kconfig uses + # makefile syntax and puts $(obj) in the path, which makes no sense + # in sh. So we modify the path there, but lbmk only uses the file + # in vendorfiles/ if neither CONFIG_FSP_USE_REPO nor CONFIG_FSP_FULL_FD + # are set + # + [ -z "$CONFIG_FSP_USE_REPO" ] && [ -z "$CONFIG_FSP_FULL_FD" ] && \ + [ -n "$CONFIG_FSP_M_FILE" ] && \ + inject "$CONFIG_FSP_M_CBFS" "$CONFIG_FSP_M_FILE" fsp --xip + [ -z "$CONFIG_FSP_USE_REPO" ] && [ -z "$CONFIG_FSP_FULL_FD" ] && \ + [ -n "$CONFIG_FSP_S_FILE" ] && \ + inject "$CONFIG_FSP_S_CBFS" "$CONFIG_FSP_S_FILE" fsp + # TODO: modify gbe *after checksum verification only* + # TODO: insert default gbe if doing -n nuke printf "ROM image successfully patched: %s\n" "$rom" + xchanged="y" } inject() { - [ $# -lt 3 ] && $err "$@, $rom: usage: inject name path type (offset)" - [ "$2" = "/dev/null" ] && return 0; verify="y" + [ $# -lt 3 ] && $err "$*, $rom: usage: inject name path type (offset)" + [ "$2" = "/dev/null" ] && return 0 - eval `setvars "" cbfsname _dest _t _offset` + eval "`setvars "" cbfsname _dest _t _offset`" cbfsname="$1"; _dest="${2##*../}"; _t="$3" - [ $# -gt 3 ] && _offset="-b $4" && [ -z "$4" ] && \ - $err "inject $@, $rom: offset passed, but empty (not defined)" + if [ "$_t" = "fsp" ]; then + [ $# -gt 3 ] && _offset="$4" + else + [ $# -gt 3 ] && _offset="-b $4" && [ -z "$4" ] && \ + $err "inject $*, $rom: offset given but empty (undefined)" + fi e "$_dest" f n && [ "$nukemode" != "nuke" ] && $err "!inject $dl_type" @@ -404,26 +692,65 @@ inject() $_t:$_dest "$rom" -O "$rom" || \ $err "failed: inject '$_t' '$_dest' on '$rom'" [ "$nukemode" != "nuke" ] || "$ifdtool" $ifdprefix --nuke $_t \ - "$rom" -O "$rom" || $err "$rom: !nuke IFD/$_t"; return 0 + "$rom" -O "$rom" || $err "$rom: !nuke IFD/$_t" + xchanged="y" + return 0 elif [ "$nukemode" = "nuke" ]; then "$cbfstool" "$rom" remove -n "$cbfsname" || \ - $err "inject $rom: can't remove $cbfsname"; return 0 + $err "inject $rom: can't remove $cbfsname" + xchanged="y" + return 0 fi - [ "$_t" != "stage" ] || "$cbfstool" "$rom" add-stage -f \ - "$_dest" -n "$cbfsname" -t stage -c lzma || $err "$rom: !add ref" - [ "$_t" = "stage" ] || "$cbfstool" "$rom" add -f "$_dest" \ - -n "$cbfsname" -t $_t $_offset || $err "$rom !add $_t ($_dest)"; : + if [ "$_t" = "stage" ]; then # the only stage we handle is refcode + x_ mkdir -p tmp; x_ rm -f "tmp/refcode" + "$rmodtool" -i "$_dest" -o "tmp/refcode" || "!reloc refcode" + "$cbfstool" "$rom" add-stage -f "tmp/refcode" -n "$cbfsname" \ + -t stage || $err "$rom: !add ref" + else + "$cbfstool" "$rom" add -f "$_dest" -n "$cbfsname" \ + -t $_t $_offset || $err "$rom !add $_t ($_dest)" + fi; xchanged="y"; : } -modify_gbe() +modify_mac_addresses() { - chkvars CONFIG_GBE_BIN_PATH + [ "$nukemode" = "nuke" ] && \ + $err "Cannot modify MAC addresses while nuking vendor files" + # chkvars CONFIG_GBE_BIN_PATH + [ -n "$CONFIG_GBE_BIN_PATH" ] || return 1 e "${CONFIG_GBE_BIN_PATH##*../}" f n && $err "missing gbe file" - x_ make -C util/nvmutil - x_ cp "${CONFIG_GBE_BIN_PATH##*../}" "$TMPDIR/gbe" - x_ "util/nvmutil/nvm" "$TMPDIR/gbe" setmac $new_mac - "$ifdtool" $ifdprefix -i GbE:"$TMPDIR/gbe" "$1" -O "$1" || \ - $err "Cannot insert modified GbE region into target image." + [ "$new_mac" != "restore" ] && \ + x_ make -C util/nvmutil + + x_ mkdir -p tmp + [ -L "tmp/gbe" ] && $err "tmp/gbe exists but is a symlink" + [ -d "tmp/gbe" ] && $err "tmp/gbe exists but is a directory" + if [ -e "tmp/gbe" ]; then + [ -f "tmp/gbe" ] || $err "tmp/gbe exists and is not a file" + fi + x_ cp "${CONFIG_GBE_BIN_PATH##*../}" "tmp/gbe" + + [ "$new_mac" != "restore" ] && \ + x_ "util/nvmutil/nvm" "tmp/gbe" setmac "$new_mac" + + find "$tmpromdir" -maxdepth 1 -type f -name "*.rom" > "tmp/rom.list" \ + || $err "'$archive' -> Can't make tmp/rom.list - $dontflash" + + while read -r _xrom; do + [ -L "$_xrom" ] && continue + [ -f "$_xrom" ] || continue + "$ifdtool" $ifdprefix -i GbE:"tmp/gbe" "$_xrom" -O \ + "$_xrom" || $err "'$_xrom': Can't insert new GbE file" + xchanged="y" + done < "tmp/rom.list" + printf "\nThe following GbE NVM words were written in '%s':\n" \ + "$archive" + x_ util/nvmutil/nvm tmp/gbe dump + + [ "$new_mac" = "restore" ] && \ + printf "\nNOTE: User specified setmac 'restore' argument.\n" && \ + printf "Default GbE file '%s' written without running nvmutil.\n" \ + "${CONFIG_GBE_BIN_PATH##*../}"; : } |