diff options
Diffstat (limited to 'resources/scripts/update/blobs')
| -rwxr-xr-x | resources/scripts/update/blobs/download | 516 | ||||
| -rwxr-xr-x | resources/scripts/update/blobs/extract | 122 | ||||
| -rwxr-xr-x | resources/scripts/update/blobs/inject | 362 | ||||
| -rwxr-xr-x | resources/scripts/update/blobs/mrc | 184 |
4 files changed, 0 insertions, 1184 deletions
diff --git a/resources/scripts/update/blobs/download b/resources/scripts/update/blobs/download deleted file mode 100755 index 3df460d4..00000000 --- a/resources/scripts/update/blobs/download +++ /dev/null @@ -1,516 +0,0 @@ -#!/usr/bin/env sh - -# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com> -# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> -# SPDX-FileCopyrightText: 2023 Leah Rowe <info@minifree.org> -# SPDX-License-Identifier: GPL-3.0-only - -. "include/err.sh" - -agent="Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0" - -ec_url="" -ec_url_bkup="" -ec_hash="" -dl_hash="" -dl_url="" -dl_url_bkup="" -dl_path="" -e6400_vga_dl_hash="" -e6400_vga_dl_url="" -e6400_vga_dl_url_bkup="" -e6400_vga_offset="" -e6400_vga_romname="" -sch5545ec_dl_url="" -sch5545ec_dl_url_bkup="" -sch5545ec_dl_hash="" - -cbdir="coreboot/default" -cbcfgsdir="resources/coreboot" -boarddir="" -blobdir="blobs" -appdir="${blobdir}/app" -_7ztest="a" -mecleaner="$(pwd)/me_cleaner/me_cleaner.py" -e6400_unpack="$(pwd)/bios_extract/dell_inspiron_1100_unpacker.py" -me7updateparser="$(pwd)/resources/blobs/me7_update_parser.py" -kbc1126_ec_dump="$(pwd)/${cbdir}/util/kbc1126/kbc1126_ec_dump" -board="" -pfs_extract="$(pwd)/biosutilities/Dell_PFS_Extract.py" -uefiextract="$(pwd)/uefitool/uefiextract" -_b="" # board shorthand without e.g. _4mb (avoid duplication per flash size) - -CONFIG_HAVE_MRC="" -CONFIG_HAVE_IFD_BIN="" -CONFIG_HAVE_ME_BIN="" -CONFIG_HAVE_GBE_BIN="" -CONFIG_KBC1126_FIRMWARE="" -CONFIG_BOARD_DELL_E6400="" -CONFIG_VGA_BIOS_FILE="" -CONFIG_INCLUDE_SMSC_SCH5545_EC_FW="" -CONFIG_SMSC_SCH5545_EC_FW_FILE="" - -main() -{ - [ $# -gt 0 ] || \ - err "No argument given" - - board="${1}" - boarddir="${cbcfgsdir}/${board}" - - [ -d "${boarddir}" ] || \ - err "Board target, ${board}, not defined" - [ -f "${boarddir}/target.cfg" ] || \ - err "Target missing target.cfg" - - no_config="printf \"No config for target, %s\\n\" ${board} 1>&2; exit 0" - for x in "${boarddir}"/config/*; do - [ -f "${x}" ] && no_config="" - done - eval "${no_config}" - - detect_firmware || exit 0 - scan_sources_config - - build_dependencies - download_blobs -} - -detect_firmware() -{ - set -- "${boarddir}/config/"* - . "${1}" - . "${boarddir}/target.cfg" - - [ "${CONFIG_HAVE_MRC}" = "y" ] && needs="${needs} MRC" - [ "${CONFIG_HAVE_IFD_BIN}" = "y" ] && needs="${needs} IFD" - [ "${CONFIG_HAVE_ME_BIN}" = "y" ] && needs="${needs} ME" - [ "${CONFIG_HAVE_GBE_BIN}" = "y" ] && needs="${needs} GBE" - [ "${CONFIG_KBC1126_FIRMWARE}" = "y" ] && needs="${needs} EC" - [ "${CONFIG_BOARD_DELL_E6400}" = "y" ] && \ - [ "${CONFIG_VGA_BIOS_FILE}" != "" ] && needs="${needs} E6400VGA" - [ "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" = "y" ] && \ - needs="${needs} SCH5545EC" - [ -z ${needs+x} ] && \ - printf "No binary blobs needed for this board\n" && \ - return 1 - printf "Firmware needed for board '%s':\n%s\n" "${board}" "${needs}" -} - -scan_sources_config() -{ - # Shorthand (avoid duplicating configs per flash size) - _b=${board%%_*mb} - - awkstr=" /\{.*${_b}.*}{/ {flag=1;next} /\}/{flag=0} flag { print }" - - while read -r line ; do - case ${line} in - EC_url_bkup*) - set ${line} - ec_url_bkup=${2} ;; - EC_url*) - set ${line} - ec_url=${2} ;; - EC_hash*) - set ${line} - ec_hash=${2} ;; - DL_hash*) - set ${line} - dl_hash=${2} ;; - DL_url_bkup*) - set ${line} - dl_url_bkup=${2} ;; - DL_url*) - set ${line} - dl_url=${2} ;; - E6400_VGA_DL_hash*) - set ${line} - e6400_vga_dl_hash=${2} ;; - E6400_VGA_DL_url_bkup*) - set ${line} - e6400_vga_dl_url_bkup=${2} ;; - E6400_VGA_DL_url*) - set ${line} - e6400_vga_dl_url=${2} ;; - E6400_VGA_offset*) - set ${line} - e6400_vga_offset=${2} ;; - E6400_VGA_romname*) - set ${line} - e6400_vga_romname=${2} ;; - SCH5545EC_DL_hash*) - set ${line} - sch5545ec_dl_hash=${2} ;; - SCH5545EC_DL_url_bkup*) - set ${line} - sch5545ec_dl_url_bkup=${2} ;; - SCH5545EC_DL_url*) - set ${line} - sch5545ec_dl_url=${2} ;; - esac - done << EOF - $(eval "awk '${awkstr}' resources/blobs/sources") -EOF -} - -build_dependencies() -{ - [ -d ${cbdir} ] || \ - ./fetch_trees coreboot ${cbdir##*/} || \ - err "build_dependencies: can't fetch ${cbdir}" - for d in uefitool biosutilities bios_extract me_cleaner; do - [ -d "${d}" ] && continue - ./fetch "${d}" || \ - err "build_dependencies: can't fetch ${d}" - done - [ -f uefitool/uefiextract ] || \ - ./handle make file -b uefitool || \ - err "build_dependencies: can't build uefitool" - if [ ! -f "${cbdir}/util/kbc1126/kbc1126_ec_dump" ]; then - make -BC "${cbdir}/util/kbc1126" || \ - err "build_dependencies: can't build kbc1126_ec_dump" - fi -} - -download_blobs() -{ - for need in ${needs}; do - case ${need} in - *ME*) - download_blob_intel_me || _failed="${_failed} me" ;; - *SCH5545EC*) - download_sch5545ec || failed="${_failed} sch5545ec" ;; - *EC*) - download_ec || _failed="${_failed} ec" ;; - *E6400VGA*) - download_e6400vga || _failed="${_failed} e6400vga" ;; - *MRC*) - ./update blobs mrc || _failed="${_failed} mrc" ;; - esac - done - - if [ ! -z ${_failed+x} ]; then - err "download_blobs: can't download blobs: ${_failed}\n" - fi -} - -download_blob_intel_me() -{ - printf "Downloading neutered ME for board: %s\n" ${board} - - fetch_update me || return 1 - extract_blob_intel_me || return 1 -} - -extract_blob_intel_me() -{ - printf "Extracting neutered ME for ${board}\n" - - _me_destination=${CONFIG_ME_BIN_PATH#../../} - - [ -d "${_me_destination%/*}" ] || \ - mkdir -p "${_me_destination%/*}" || \ - err "extract_blob_intel_me: mkdir ${_me_destination%/*}" - [ ! -d "${appdir}" ] || \ - rm -Rf "${appdir}" || \ - err "extract_blob_intel_me: can't rm -Rf \"${appdir}\"" - if [ -f "${_me_destination}" ]; then - printf "Intel ME firmware already downloaded\n" 1>&2 - return 0 - fi - - printf "Extracting and stripping Intel ME firmware\n" - - innoextract "${dl_path}" -d "${appdir}" || \ - 7z x "${dl_path}" -o"${appdir}" || \ - unar "${dl_path}" -o "${appdir}" || \ - err "extract_blob_intel_me: could not extract vendor update" - - bruteforce_extract_blob_intel_me "$(pwd)/${_me_destination}" \ - "$(pwd)/${appdir}" || \ - err "extract_blob_intel_me: could not extract Intel ME firmware" - - [ -f "${_me_destination}" ] || \ - err "extract_blob_intel_me, ${board}: me.bin missing" - - printf "Truncated and cleaned me output to: %s\n" "${_me_destination}" -} - -# cursed, carcinogenic code. TODO rewrite it better -bruteforce_extract_blob_intel_me() -{ - _me_destination="${1}" - cdir="${2}" # must be an absolute path, not relative - - [ -f "${_me_destination}" ] && return 0 - - sdir="$(mktemp -d)" - mkdir -p "${sdir}" || return 1 - - ( - printf "Entering %s\n" "${cdir}" - cd "${cdir}" || \ - err "bruteforce_extract_blob_intel_me: can't cd \"${cdir}\"" - for i in *; do - if [ -f "${_me_destination}" ]; then - # me.bin found, so avoid needless further traversal - break - elif [ -L "${i}" ]; then - # symlinks are a security risk, in this context - continue - elif [ -f "${i}" ]; then - "${mecleaner}" -r -t -O "${sdir}/vendorfile" \ - -M "${_me_destination}" "${i}" \ - && break # (we found me.bin) - "${mecleaner}" -r -t -O "${_me_destination}" "${i}" \ - && break # (we found me.bin) - "${me7updateparser}" -O "${_me_destination}" "${i}" \ - && break # (we found me.bin) - _7ztest="${_7ztest}a" - 7z x "${i}" -o"${_7ztest}" \ - || innoextract "${i}" -d "${_7ztest}" \ - || unar "${i}" -o "${_7ztest}" \ - || continue - bruteforce_extract_blob_intel_me "${_me_destination}" \ - "${cdir}/${_7ztest}" - elif [ -d "$i" ]; then - bruteforce_extract_blob_intel_me "${_me_destination}" \ - "${cdir}/${i}" - else - printf "SKIPPING: %s\n" "${i}" - continue - fi - cdir="${1}" - cd "${cdir}" # audit note: we already checked this (see above) - done - ) - - rm -Rf "${sdir}" || \ - err "bruteforce_extract_blob_intel_me: can't rm -Rf \"${sdir}\"" -} - -download_ec() -{ - printf "Downloading KBC1126 EC firmware for HP laptop\n" - - fetch_update ec || return 1 - extract_blob_kbc1126_ec || return 1 -} - -extract_blob_kbc1126_ec() -{ - printf "Extracting KBC1126 EC firmware for board: %s\n" ${board} - - _ec_destination=${CONFIG_KBC1126_FW1#../../} - - [ -d "${_ec_destination%/*}" ] || \ - mkdir -p "${_ec_destination%/*}" || \ - err "extract_blob_kbc1126_ec: !mkdir ${_ec_destination%/*}" - [ ! -d "${appdir}" ] || \ - rm -Rf "${appdir}" || \ - err "extract_blob_kbc1126_ec: !rm -Rf ${appdir}" - if [ -f "${_ec_destination}" ]; then - printf "KBC1126 EC firmware already downloaded\n" 1>&2 - return 0 - fi - - unar "${dl_path}" -o "${appdir}" || \ - err "extract_blob_kbc1126_ec: !unar \"${dl_path}\" -o \"${appdir}\"" - - ( - cd "${appdir}/${dl_path##*/}" || \ - err "extract_blob_kbc1126_ec: !cd \"${appdir}/${dl_path##*/}\"" - - mv Rompaq/68*.BIN ec.bin || : - if [ ! -f ec.bin ]; then - unar -D ROM.CAB Rom.bin || \ - unar -D Rom.CAB Rom.bin || \ - unar -D 68*.CAB Rom.bin || \ - err "extract_blob_kbc1126_ec: can't extract ec.bin" - mv Rom.bin ec.bin || \ - err "extract_blob_kbc1126_ec: *didn't* extract ec.bin" - fi - [ -f ec.bin ] || \ - err "extract_blob_kbc1126_ec: ${board}: can't extract ec.bin" - - "${kbc1126_ec_dump}" ec.bin || \ - err "extract_blob_kbc1126_ec: ${board}: can't extract ecfw1/2.bin" - ) - - ec_ex="y" - for i in 1 2; do - [ -f "${appdir}/${dl_path##*/}/ec.bin.fw${i}" ] || ec_ex="n" - done - [ "${ec_ex}" = "y" ] || \ - err "extract_blob_kbc1126_ec: ${board}: didn't extract ecfw1/2.bin" - - cp "${appdir}/${dl_path##*/}"/ec.bin.fw* "${_ec_destination%/*}/" || \ - err "extract_blob_kbc1126_ec: cant mv ecfw1/2 ${_ec_destination%/*}" -} - -download_e6400vga() -{ - printf "Downloading Nvidia VGA ROM for Dell Latitude E6400\n" - - fetch_update e6400vga || return 1 - extract_e6400vga || return 1 -} - -extract_e6400vga() -{ - printf "Extracting Nvidia VGA ROM for ${board}\n" - - _vga_destination=${CONFIG_VGA_BIOS_FILE#../../} - - if [ -f "${_vga_destination}" ]; then - printf "extract_e6400vga: vga rom already downloaded\n" 1>&2 - return 0 - fi - [ -d "${_vga_destination%/*}" ] || \ - mkdir -p "${_vga_destination%/*}" || \ - err "extract_e6400vga: can't mkdir ${_vga_destination%/*}" - [ ! -d "${appdir}" ] || \ - rm -Rf "${appdir}" || \ - err "extract_e6400vga: can't rm -Rf ${appdir}" - - mkdir -p "${appdir}" || \ - err "extract_e6400vga: can't mkdir ${appdir}" - cp "${dl_path}" "${appdir}" || \ - err "extract_e6400vga: can't copy vendor update" - - [ "${e6400_vga_offset}" = "" ] && \ - err "extract_e6400vga: E6400 VGA offset not defined" - [ "${e6400_vga_romname}" = "" ] && \ - err "extract_e6400vga: E6400 VGA ROM name not defined" - - ( - cd "${appdir}" || \ - err "extract_e6400vga: can't cd ${appdir}" - tail -c +${e6400_vga_offset} "${dl_path##*/}" | gunzip > bios.bin || \ - err "extract_e6400vga: can't gunzip > bios.bin" - - [ -f "bios.bin" ] || \ - err "extract_e6400vga: can't extract bios.bin from update" - "${e6400_unpack}" bios.bin || printf "TODO: fix dell extract util\n" - [ -f "${e6400_vga_romname}" ] || \ - err "extract_e6400vga: can't extract vga rom from bios.bin" - ) - - cp "${appdir}"/"${e6400_vga_romname}" "${_vga_destination}" || \ - err "extract_e6400vga: can't copy vga rom to ${_vga_destination}" - - printf "E6400 Nvidia ROM saved to: %s\n" "${_vga_destination}" -} - -download_sch5545ec() -{ - printf "Downloading SMSC SCH5545 Environment Controller firmware\n" - - fetch_update sch5545ec || return 1 - extract_sch5545ec || return 1 -} - -# TODO: this code is cancer. hardcoded is bad, and stupid. -# TODO: make it *scan* (based on signature, in each file) -extract_sch5545ec() -{ - printf "Extracting SCH5545 Environment Controller firmware for '%s'\n" \ - ${board} - - _sch5545ec_destination=${CONFIG_SMSC_SCH5545_EC_FW_FILE#../../} - - if [ -f "${_sch5545ec_destination}" ]; then - printf "sch5545 firmware already downloaded\n" 1>&2 - return 0 - fi - - [ ! -d "${appdir}" ] || rm -Rf "${appdir}" || \ - err "extract_sch5545ec: can't remove ${appdir}" - - mkdir -p "${appdir}/" || err "extract_sch5545ec: !mkdir ${appdir}" - cp "${dl_path}" "${appdir}/" || \ - err "extract_sch5545ec: can't copy vendor update file" - python "${pfs_extract}" "${appdir}/${dlsum}" -e || \ - err "extract_sch5545ec: can't extract from vendor update" - - # full system ROM (UEFI), to extract with UEFIExtract: - _bios="${appdir}/${dlsum}_extracted/Firmware" - _bios="${_bios}/1 ${dlsum} -- 1 System BIOS vA.28.bin" - - # this is the SCH5545 firmware, inside of the extracted UEFI ROM: - _sch5545ec_fw="${_bios}.dump/4 7A9354D9-0468-444A-81CE-0BF617D890DF" - _sch5545ec_fw="${_sch5545ec_fw}/54 D386BEB8-4B54-4E69-94F5-06091F67E0D3" - _sch5545ec_fw="${_sch5545ec_fw}/0 Raw section/body.bin" # <-- this! - - # this makes the file defined by _sch5545ec_fw available to copy - "${uefiextract}" "${_bios}" || \ - err "extract_sch5545ec: cannot extract from uefi image" - - cp "${_sch5545ec_fw}" "${_sch5545ec_destination}" || \ - err "extract_sch5545ec: cannot copy sch5545ec firmware file" -} - -fetch_update() -{ - printf "Fetching vendor update for board: %s\n" "${board}" - - fw_type="${1}" - dl="" - dl_bkup="" - dlsum="" - if [ "${fw_type}" = "me" ]; then - dl=${dl_url} - dl_bkup=${dl_url_bkup} - dlsum=${dl_hash} - elif [ "${fw_type}" = "ec" ]; then - dl=${ec_url} - dl_bkup=${ec_url_bkup} - dlsum=${ec_hash} - elif [ "${fw_type}" = "e6400vga" ]; then - dl=${e6400_vga_dl_url} - dl_bkup=${e6400_vga_dl_url_bkup} - dlsum=${e6400_vga_dl_hash} - elif [ "${fw_type}" = "sch5545ec" ]; then - dl="${sch5545ec_dl_url}" - dl_bkup="${sch5545ec_dl_url_bkup}" - dlsum="${sch5545ec_dl_hash}" - else - err "fetch_update: Unsupported download type: ${fw_type}" - fi - - [ -z "${dl_url+x}" ] && [ "${fw_type}" != "e6400vga" ] && \ - err "fetch_update ${fw_type}: dl_url unspecified for: ${board}" - - dl_path="${blobdir}/cache/${dlsum}" - mkdir -p "${blobdir}/cache" || err "fetch_update: !mkdir ${blobdir}/cache" - - dl_fail="y" - vendor_checksum "${dlsum}" && dl_fail="n" - for x in "${dl}" "${dl_bkup}"; do - [ "${dl_fail}" = "n" ] && break - [ -z "${x}" ] && continue - rm -f "${dl_path}" || \ - err "fetch_update ${fw_type}: !rm -f ${dl_path}" - wget -U "${agent}" "${x}" -O "${dl_path}" || continue - vendor_checksum "${dlsum}" && dl_fail="n" - done - if [ "${dl_fail}" = "y" ]; then - printf "ERROR: invalid vendor updates for: %s\n" "${board}" 1>&2 - err "fetch_update ${fw_type}: matched vendor update unavailable" - fi -} - -vendor_checksum() -{ - if [ ! -f "${dl_path}" ]; then - printf "Vendor update not found on disk for: %s\n" "${board}" \ - 1>&2 - return 1 - elif [ "$(sha1sum ${dl_path} | awk '{print $1}')" != "${1}" ]; then - printf "Bad checksum on vendor update for: %s\n" "${board}" 1>&2 - return 1 - fi -} - -main $@ diff --git a/resources/scripts/update/blobs/extract b/resources/scripts/update/blobs/extract deleted file mode 100755 index fa76dfb5..00000000 --- a/resources/scripts/update/blobs/extract +++ /dev/null @@ -1,122 +0,0 @@ -#!/usr/bin/env sh -# script to automate extracting blobs from an existing vendor bios - -# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com> -# SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org> -# SPDX-License-Identifier: GPL-3.0-only - -. "include/err.sh" - -sname="" -board="" -vendor_rom="" - -cbdir="coreboot/default" -cbcfgsdir="resources/coreboot" -ifdtool="${cbdir}/util/ifdtool/ifdtool" -mecleaner="me_cleaner/me_cleaner.py" -me7updateparser="resources/blobs/me7_update_parser.py" - -boarddir="" - -CONFIG_HAVE_MRC="" -CONFIG_ME_BIN_PATH="" -CONFIG_GBE_BIN_PATH="" -CONFIG_IFD_BIN_PATH="" - -_me_destination="" -_gbe_destination="" -_ifd_destination="" - -main() -{ - sname=${0} - [ $# -lt 2 ] && err "Missing arguments (fewer than two)." - - board="${1}" - vendor_rom="${2}" - boarddir="${cbcfgsdir}/${board}" - - check_board - build_dependencies - extract_blobs -} - -check_board() -{ - if [ ! -f "${vendor_rom}" ]; then - err "check_board: ${board}: file does not exist: ${vendor_rom}" - elif [ ! -d "${boarddir}" ]; then - err "check_board: ${board}: target not defined" - elif [ ! -f "${boarddir}/target.cfg" ]; then - err "check_board: ${board}: missing target.cfg" - fi -} - -build_dependencies() -{ - if [ ! -d me_cleaner ]; then - ./fetch me_cleaner || \ - err "build_dependencies: can't fetch me_cleaner" - elif [ ! -d "${cbdir}" ]; then - ./fetch_trees coreboot default || \ - err "build_dependencies: can't fetch coreboot" - elif [ ! -f "${ifdtool}" ]; then - make -C "${ifdtool%/ifdtool}" || \ - err "build_dependencies: can't build ifdtool" - fi -} - -extract_blobs() -{ - printf "extracting blobs for %s from %s\n" ${board} ${vendor_rom} - - set -- "${boarddir}/config/"* - . "${1}" - . "${boarddir}/target.cfg" - - [ "$CONFIG_HAVE_MRC" != "y" ] || \ - ./update blobs mrc || err "extract_blobs: can't fetch mrc" - - _me_destination=${CONFIG_ME_BIN_PATH#../../} - _gbe_destination=${CONFIG_GBE_BIN_PATH#../../} - _ifd_destination=${CONFIG_IFD_BIN_PATH#../../} - - extract_blob_intel_me - extract_blob_intel_gbe_nvm - - # Cleans up other files extracted with ifdtool - rm -f flashregion*.bin || err "extract_blobs: !rm -f flashregion*.bin" - - [ -f "${_ifd_destination}" ] || err "extract_blobs: Cannot extract IFD" - printf "gbe, ifd, and me extracted to %s\n" "${_me_destination%/*}" -} - -extract_blob_intel_me() -{ - printf "extracting clean ime and modified ifd\n" - - "${mecleaner}" -D "${_ifd_destination}" \ - -M "${_me_destination}" "${vendor_rom}" -t -r -S || \ - "${me7updateparser}" \ - -O "${_me_destination}" "${vendor_rom}" || \ - err "extract_blob_intel_me: cannot extract from vendor rom" -} - -extract_blob_intel_gbe_nvm() -{ - printf "extracting gigabit ethernet firmware" - ./"${ifdtool}" -x "${vendor_rom}" || \ - err "extract_blob_intel_gbe_nvm: cannot extract gbe.bin from rom" - mv flashregion*gbe.bin "${_gbe_destination}" || \ - err "extract_blob_intel_gbe_nvm: cannot move gbe.bin" -} - -print_help() -{ - printf "Usage: ./update blobs extract {boardname} {path/to/vendor_rom}\n" - printf "Example: ./update blobs extract x230 12mb_flash.bin\n" - printf "\nYou need to specify exactly 2 arguments\n" -} - -main $@ diff --git a/resources/scripts/update/blobs/inject b/resources/scripts/update/blobs/inject deleted file mode 100755 index bc6b55c9..00000000 --- a/resources/scripts/update/blobs/inject +++ /dev/null @@ -1,362 +0,0 @@ -#!/usr/bin/env sh - -# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com> -# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> -# SPDX-FileCopyrightText: 2023 Leah Rowe <info@minifree.org> -# SPDX-License-Identifier: GPL-3.0-only - -. "include/err.sh" - -sname="" -archive="" -_filetype="" -rom="" -board="" -modifygbe="" -new_mac="" -release="" -releasearchive="" - -cbdir="coreboot/default" -cbcfgsdir="resources/coreboot" -ifdtool="cbutils/default/ifdtool" -cbfstool="cbutils/default/cbfstool" -nvmutil="util/nvmutil/nvm" -boarddir="" -pciromsdir="pciroms" - -CONFIG_HAVE_MRC="" -CONFIG_HAVE_ME_BIN="" -CONFIG_ME_BIN_PATH="" -CONFIG_KBC1126_FIRMWARE="" -CONFIG_KBC1126_FW1="" -CONFIG_KBC1126_FW1_OFFSET="" -CONFIG_KBC1126_FW2="" -CONFIG_KBC1126_FW2_OFFSET="" -CONFIG_VGA_BIOS_FILE="" -CONFIG_VGA_BIOS_ID="" -CONFIG_GBE_BIN_PATH="" -CONFIG_INCLUDE_SMSC_SCH5545_EC_FW="" -CONFIG_SMSC_SCH5545_EC_FW_FILE="" - -main() -{ - sname="${0}" - - [ $# -lt 1 ] && err "No options specified." - [ "${1}" = "listboards" ] && \ - ./build command options resources/coreboot && exit 0 - - archive="${1}" - - while getopts r:b:m: option - do - case "${option}" in - r) - rom=${OPTARG} ;; - b) - board=${OPTARG} ;; - m) - modifygbe=true - new_mac=${OPTARG} ;; - esac - done - - check_board - build_dependencies - inject_blobs - - printf "Friendly reminder (this is *not* an error message):\n" - printf "Please always ensure that the files were inserted correctly.\n" - printf "Read: https://libreboot.org/docs/install/ivy_has_common.html\n" -} - -check_board() -{ - if ! check_release "${archive}" ; then - [ -f "${rom}" ] || \ - err "check_board: \"${rom}\" is not a valid path" - [ -z ${rom+x} ] && \ - err "check_board: no rom specified" - [ ! -z ${board+x} ] || \ - board=$(detect_board "${rom}") - else - release=true - releasearchive="${archive}" - board=$(detect_board "${archive}") - fi - - boarddir="${cbcfgsdir}/${board}" - if [ ! -d "${boarddir}" ]; then - err "check_board: board ${board} not found" - fi -} - -check_release() -{ - [ -f "${archive}" ] || return 1 - [ "${archive##*.}" = "xz" ] || return 1 - printf "%s\n" "Release archive ${archive} detected" -} - -# This function tries to determine the board from the filename of the rom. -# It will only succeed if the filename is not changed from the build/download -detect_board() -{ - path="${1}" - filename=$(basename ${path}) - case ${filename} in - grub_*) - board=$(echo "${filename}" | cut -d '_' -f2-3) ;; - seabios_withgrub_*) - board=$(echo "${filename}" | cut -d '_' -f3-4) ;; - *.tar.xz) - _stripped_prefix=${filename#*_} - board="${_stripped_prefix%.tar.xz}" ;; - *) - err "detect_board: could not detect board type" - esac - [ -d "${boarddir}/" ] || \ - err "detect_board: dir, ${boarddir}, doesn't exist" - printf '%s\n' "${board}" -} - -build_dependencies() -{ - [ -d "${cbdir}" ] || ./fetch_trees coreboot default - ./build coreboot utils default || \ - err "build_dependencies: could not build cbutils" - ./update blobs download ${board} || \ - err "build_dependencies: Could not download blobs for ${board}" -} - -inject_blobs() -{ - if [ "${release}" = "true" ]; then - printf "patching release file\n" - patch_release_roms - else - patch_rom "${rom}" || \ - err "inject_blobs: could not patch ${x}" - fi -} - -patch_release_roms() -{ - _tmpdir=$(mktemp -d "/tmp/${board}_tmpXXXX") - tar xf "${releasearchive}" -C "${_tmpdir}" || \ - err "patch_release_roms: could not extract release archive" - - for x in "${_tmpdir}"/bin/*/*.rom ; do - echo "patching rom $x" - patch_rom "${x}" || err "patch_release_roms: could not patch ${x}" - done - - ( - cd "${_tmpdir}"/bin/* - sha1sum --status -c blobhashes || \ - err "patch_release_roms: ROMs did not match expected hashes" - ) - - if [ "${modifygbe}" = "true" ]; then - for x in "${_tmpdir}"/bin/*/*.rom ; do - modify_gbe "${x}" - done - fi - - [ -d bin/release ] || mkdir -p bin/release || \ - err "patch_release_roms: !mkdir -p bin/release" - mv "${_tmpdir}"/bin/* bin/release/ || \ - err "patch_release_roms: !mv ${_tmpdir}/bin/* bin/release/" - - printf "Success! Your ROMs are in bin/release\n" - - rm -Rf "${_tmpdir}" || err "patch_release_roms: !rm -Rf ${_tmpdir}" -} - -patch_rom() -{ - rom="${1}" - - no_config="printf \"No configs on target, %s\\n\" ${board} 1>&2; exit 1" - for x in "${boarddir}"/config/*; do - [ -f "${x}" ] && no_config="" - done - eval "${no_config}" - - [ -f "${boarddir}/target.cfg" ] || \ - err "patch_rom: file missing: ${boarddir}/target.cfg" - - set -- "${boarddir}/config/"* - . "${1}" - . "${boarddir}/target.cfg" - - [ "$CONFIG_HAVE_MRC" = "y" ] && \ - inject_blob_intel_mrc "${rom}" - [ "${CONFIG_HAVE_ME_BIN}" = "y" ] && \ - inject_blob_intel_me "${rom}" - [ "${CONFIG_KBC1126_FIRMWARE}" = "y" ] && \ - inject_blob_hp_kbc1126_ec "${rom}" - [ "${CONFIG_VGA_BIOS_FILE}" != "" ] && \ - [ "${CONFIG_VGA_BIOS_ID}" != "" ] && \ - inject_blob_dell_e6400_vgarom_nvidia - [ "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" = "y" ] && \ - [ "${CONFIG_SMSC_SCH5545_EC_FW_FILE}" != "" ] && \ - inject_blob_smsc_sch5545_ec "${rom}" - [ "${modifygbe}" = "true" ] && ! [ "${release}" = "true" ] && \ - modify_gbe "${rom}" - - printf "ROM image successfully patched: %s\n" "${rom}" -} - -inject_blob_intel_mrc() -{ - rom="${1}" - - printf 'adding mrc\n' - - # mrc.bin must be inserted at a specific offset. the only - # libreboot platform that needs it, at present, is haswell - - # in cbfstool, -b values above 0x80000000 are interpreted as - # top-aligned x86 memory locations. this is converted into an - # absolute offset within the flash, and inserted accordingly - # at that offset into the ROM image file - - # coreboot's own build system hardcodes the mrc.bin offset - # because there is only one correct location in memory, but - # it would be useful for lbmk if it could be easily scanned - # from Kconfig, with the option to change it where in practise - # it is not changed - - # the hardcoded offset below is based upon reading of the coreboot - # source code, and it is *always* correct for haswell platform. - # TODO: this logic should be tweaked to handle more platforms - - "${cbfstool}" "${rom}" add -f mrc/haswell/mrc.bin -n mrc.bin -t mrc \ - -b 0xfffa0000 || err "inject_blob_intel_mrc: cannot insert mrc.bin" -} - -inject_blob_intel_me() -{ - printf 'adding intel management engine\n' - - rom="${1}" - [ -z ${CONFIG_ME_BIN_PATH} ] && \ - err "inject_blob_intel_me: CONFIG_ME_BIN_PATH not set" - - _me_location=${CONFIG_ME_BIN_PATH#../../} - [ ! -f "${_me_location}" ] && \ - err "inject_blob_intel_me: per CONFIG_ME_BIN_PATH: file missing" - - "${ifdtool}" -i me:"${_me_location}" "${rom}" -O "${rom}" || \ - err "inject_blob_intel_me: cannot insert me.bin" -} - -inject_blob_hp_kbc1126_ec() -{ - rom="${1}" - - _ec1_location="${CONFIG_KBC1126_FW1#../../}" - _ec1_offset="${CONFIG_KBC1126_FW1_OFFSET}" - _ec2_location="${CONFIG_KBC1126_FW2#../../}" - _ec2_offset="${CONFIG_KBC1126_FW2_OFFSET}" - - printf "adding hp kbc1126 ec firmware\n" - - if [ "${_ec1_offset}" = "" ] || [ "${_ec1_offset}" = "" ]; then - err "inject_blob_hp_kbc1126_ec: ${board}: offset not declared" - fi - if [ "${_ec1_location}" = "" ] || [ "${_ec2_location}" = "" ]; then - err "inject_blob_hp_kbc1126_ec: ${board}: EC path not declared" - fi - if [ ! -f "${_ec1_location}" ] || [ ! -f "${_ec2_location}" ]; then - err "inject_blob_hp_kbc1126_ec: ${board}: ecfw not downloaded" - fi - - "${cbfstool}" "${rom}" add -f "${_ec1_location}" -n ecfw1.bin \ - -b ${_ec1_offset} -t raw || \ - err "inject_blob_hp_kbc1126_ec: cannot insert ecfw1.bin" - "${cbfstool}" "${rom}" add -f "${_ec2_location}" -n ecfw2.bin \ - -b ${_ec2_offset} -t raw || \ - err "inject_blob_hp_kbc1126_ec: cannot insert ecfw2.bin" -} - -inject_blob_dell_e6400_vgarom_nvidia() -{ - rom="${1}" - - _vga_location="${CONFIG_VGA_BIOS_FILE#../../}" - _vga_dir="${_vga_location%/*}" - _vga_filename="${_vga_location##*/}" - - printf "adding pci option rom\n" - - if [ "${_vga_dir}" != "${pciromsdir}" ]; then - err "inject_blob_dell_e6400vga: invalid pcirom dir: ${_vga_dir}" - fi - if [ ! -f "${_vga_location}" ]; then - err "inject_blob_dell_e6400vga: ${_vga_location} doesn't exist" - fi - - "${cbfstool}" "${rom}" add -f "${_vga_location}" \ - -n "pci${CONFIG_VGA_BIOS_ID}.rom" -t optionrom || \ - err "inject_blob_dell_e6400vga: cannot insert vga oprom" -} - -inject_blob_smsc_sch5545_ec() -{ - rom="${1}" - - _sch5545ec_location="${CONFIG_SMSC_SCH5545_EC_FW_FILE#../../}" - - if [ ! -f "${_sch5545ec_location}" ]; then - err "inject_blob_smsc_sch5545_ec: SCH5545 fw missing" - fi - - "${cbfstool}" "${rom}" add -f "${_sch5545ec_location}" \ - -n sch5545_ecfw.bin -t raw || \ - err "inject_blob_smsc_sch5545_ec: can't insert sch5545_ecfw.bin" -} - -modify_gbe() -{ - printf "changing mac address in gbe to ${new_mac}\n" - - rom="${1}" - - [ -z ${CONFIG_GBE_BIN_PATH} ] && \ - err "modify_gbe: ${board}: CONFIG_GBE_BIN_PATH not set" - - _gbe_location=${CONFIG_GBE_BIN_PATH#../../} - - [ -f "${_gbe_location}" ] || \ - err "modify_gbe: CONFIG_GBE_BIN_PATH points to missing file" - [ -f "${nvmutil}" ] || \ - make -C util/nvmutil || err "modify_gbe: couldn't build nvmutil" - - _gbe_tmp=$(mktemp -t gbeXXXX.bin) - cp "${_gbe_location}" "${_gbe_tmp}" - "${nvmutil}" "${_gbe_tmp}" setmac "${new_mac}" || \ - err "modify_gbe: ${board}: failed to modify mac address" - - "${ifdtool}" -i GbE:"${_gbe_tmp}" "${rom}" -O "${rom}" || \ - err "modify_gbe: ${board}: cannot insert modified gbe.bin" - - rm -f "${_gbe_tmp}" -} - -usage() -{ - cat <<- EOF - USAGE: ./update blobs inject -r [rom path] -b [boardname] -m [macaddress] - Example: ./update blobs inject -r x230_12mb.rom -b x230_12mb - - Adding a macadress to the gbe is optional. - If the [-m] parameter is left blank, the gbe will not be touched. - - Type './update blobs inject listboards' to get a list of valid boards - EOF -} - -main $@ diff --git a/resources/scripts/update/blobs/mrc b/resources/scripts/update/blobs/mrc deleted file mode 100755 index c069e678..00000000 --- a/resources/scripts/update/blobs/mrc +++ /dev/null @@ -1,184 +0,0 @@ -#!/usr/bin/env sh - -# Download Intel MRC images -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. -# - -[ "x${DEBUG+set}" = 'xset' ] && set -v -set -u -e - -. "include/err.sh" - -export PATH="${PATH}:/sbin" - -# This file is forked from util/chromeos/crosfirmware.sh in coreboot cfc26ce278 -# Changes to it in *this version* are copyright 2021 and 2023 Leah Rowe, under -# the same license as above. - -# use updated manifest from wayback machine, when updating mrc.bin, -# and update the other variables below accordingly. current manifest used: -# https://web.archive.org/web/20210211071412/https://dl.google.com/dl/edgedl/chromeos/recovery/recovery.conf - -# the wayback machine is used so that we get the same manifest. google -# does not seem to version the manifest, but archives are available - -# variables taken from that manifest: - -_board="peppy" -_file="chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin" -_url="https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin.zip" -_url2="https://web.archive.org/web/20200516070928/https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin.zip" -_sha1sum="cd5917cbe7f821ad769bf0fd87046898f9e175c8" -_mrc_complete_hash="d18de1e3d52c0815b82ea406ca07897c56c65696" -_mrc_complete="mrc/haswell/mrc.bin" - -cbdir="coreboot/default" -cbfstool="cbutils/default/cbfstool" - -sname="" - -main() -{ - sname=${0} - printf "Downloading Intel MRC blobs\n" - - check_existing || return 0 - build_dependencies - fetch_mrc || err "could not fetch mrc.bin" -} - -check_existing() -{ - [ -f "${_mrc_complete}" ] || \ - return 0 - printf 'found existing mrc.bin\n' - [ "$(sha1sum "${_mrc_complete}" | awk '{print $1}')" \ - = "${_mrc_complete_hash}" ] && \ - return 1 - printf 'hashes did not match, starting over\n' -} - -build_dependencies() -{ - [ -d "${cbdir}/" ] || ./fetch_trees coreboot default || \ - err "build_dependencies: cannot fetch coreboot/default" - ./build coreboot utils default || \ - err "build_dependencies: cannot build cbutils/default" -} - -fetch_mrc() -{ - mkdir -p mrc/haswell/ || err "fetch_mrc: !mkdir mrc/haswell" - - ( - cd mrc/haswell/ || err "fetch_mrc: !cd mrc/haswell" - - download_image "${_url}" "${_file}" "${_sha1sum}" - [ -f ${_file} ] || \ - download_image "${_url2}" "${_file}" "${_sha1sum}" - [ -f $_file ] || \ - err "fetch_mrc: ${_file} not downloaded / verification failed." - - extract_partition ROOT-A "${_file}" root-a.ext2 - extract_shellball root-a.ext2 chromeos-firmwareupdate-${_board} - - extract_coreboot chromeos-firmwareupdate-${_board} - - ../../"${cbfstool}" coreboot-*.bin extract -f mrc.bin -n mrc.bin \ - -r RO_SECTION || err "fetch_mrc: could not fetch mrc.bin" - rm -f "chromeos-firmwareupdate-${_board}" coreboot-*.bin \ - "${_file}" "root-a.ext2" || err "fetch_mrc: cannot remove files" - - printf "\n\nmrc.bin saved to ${_mrc_complete}\n\n" - ) -} - -download_image() -{ - url=${1} - _file=${2} - _sha1sum=${3} - - printf "Downloading recovery image\n" - curl "$url" > "$_file.zip" || err "download_image: curl failed" - printf "Verifying recovery image checksum\n" - if [ "$(sha1sum "${_file}.zip" | awk '{print $1}')" = "${_sha1sum}" ] - then - unzip -q "${_file}.zip" || err "download_image: cannot unzip" - rm -f "${_file}.zip" || err "download_image: can't rm zip {1}" - return 0 - fi - rm -f "${_file}.zip" || err "download_image: bad hash, and can't rm zip" - err "download_image: Bad checksum. Recovery image deleted" -} - -extract_partition() -{ - NAME=${1} - FILE=${2} - ROOTFS=${3} - _bs=1024 - - printf "Extracting ROOT-A partition\n" - ROOTP=$( printf "unit\nB\nprint\nquit\n" | \ - parted "${FILE}" 2>/dev/null | grep "${NAME}" ) - - START=$(( $( echo ${ROOTP} | cut -f2 -d\ | tr -d "B" ) )) - SIZE=$(( $( echo ${ROOTP} | cut -f4 -d\ | tr -d "B" ) )) - - dd if="${FILE}" of="${ROOTFS}" bs=${_bs} skip=$(( ${START} / ${_bs} )) \ - count=$(( ${SIZE} / ${_bs} )) || \ - err "extract_partition: can't extract root file system" -} - -extract_shellball() -{ - ROOTFS=${1} - SHELLBALL=${2} - - printf "Extracting chromeos-firmwareupdate\n" - printf "cd /usr/sbin\ndump chromeos-firmwareupdate ${SHELLBALL}\nquit" \ - | debugfs "${ROOTFS}" || err "extract_shellball: debugfs" -} - -extract_coreboot() -{ - _shellball=${1} - _unpacked=$( mktemp -d ) - - printf "Extracting coreboot image\n" - - [ -f "${_shellball}" ] || \ - err "extract_coreboot: shellball missing in google peppy image" - - sh "${_shellball}" --unpack "${_unpacked}" || \ - err "extract_coreboot: shellball exits with non-zero status" - - # TODO: audit the f* out of that shellball, for each mrc version. - # it has to be updated for each mrc update. we should ideally - # implement the functionality ourselves. - - [ -f "${_unpacked}/VERSION" ] || \ - err "extract_coreboot: VERSION file missing on google coreboot rom" - - _version=$( cat "${_unpacked}/VERSION" | grep BIOS\ version: | \ - cut -f2 -d: | tr -d \ ) - - cp "${_unpacked}/bios.bin" "coreboot-${_version}.bin" || \ - err "extract_coreboot: cannot copy google peppy rom" - rm -Rf "${_unpacked}" || \ - err "extract_coreboot: cannot remove extracted google peppy archive" -} - -main $@ |