2 files changed, 486 insertions, 0 deletions
diff --git a/script/update/vendor/download b/script/update/vendor/download
new file mode 100755
index 00000000..21b0f7ed
--- /dev/null
+++ b/script/update/vendor/download
@@ -0,0 +1,170 @@
+#!/usr/bin/env sh
+# SPDX-License-Identifier: GPL-3.0-only
+# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com>
+# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com>
+# SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org>
+
+. "include/err.sh"
+. "include/vendor.sh"
+. "include/mrc.sh"
+. "include/option.sh"
+
+export PATH="${PATH}:/sbin"
+
+main()
+{
+	[ $# -gt 0 ] || err "No argument given"
+	board="${1}"
+	boarddir="${cbcfgsdir}/${board}"
+	_b="${board%%_*mb}" # shorthand (avoid duplicating config per rom size)
+
+	check_defconfig "${boarddir}" || exit 0
+	detect_firmware && exit 0
+	scan_config "${_b}" "config/vendor" "err"
+
+	build_dependencies
+	download_vendorfiles
+}
+
+detect_firmware()
+{
+	set -- "${boarddir}/config/"*
+	. "${1}" 2>/dev/null
+
+	for c in CONFIG_HAVE_MRC CONFIG_HAVE_ME_BIN CONFIG_KBC1126_FIRMWARE \
+	    CONFIG_VGA_BIOS_FILE CONFIG_INCLUDE_SMSC_SCH5545_EC_FW; do
+		eval "[ -z \"\${${c}}\" ] || return 1"
+	done
+	printf "Vendor files not needed for: %s\n" "${board}" 1>&2
+}
+
+build_dependencies()
+{
+	[ -d ${cbdir} ] || \
+		x_ ./update project trees coreboot ${cbdir##*/}
+	for d in uefitool biosutilities bios_extract me_cleaner; do
+		[ -d "src/${d}" ] && continue
+		x_ ./update project repo "${d}"
+	done
+	[ -f "${uefiextract}" ] || \
+		x_ ./update project build -b uefitool
+	[ -f "${kbc1126_ec_dump}" ] || \
+		x_ make -C "${cbdir}/util/kbc1126"
+	x_ ./build coreboot utils default
+}
+
+download_vendorfiles()
+{
+	[ -z "${CONFIG_HAVE_ME_BIN}" ] || \
+		fetch "intel_me" "${DL_url}" "${DL_url_bkup}" "${DL_hash}" \
+		    "${CONFIG_ME_BIN_PATH}"
+	[ -z "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" ] || \
+		fetch "sch5545ec" "${SCH5545EC_DL_url}" \
+		    "${SCH5545EC_DL_url_bkup}" "${SCH5545EC_DL_hash}" \
+		    "${CONFIG_SMSC_SCH5545_EC_FW_FILE}"
+	[ -z "${CONFIG_KBC1126_FIRMWARE}" ] || \
+		fetch "kbc1126ec" "${EC_url}" "${EC_url_bkup}" "${EC_hash}" \
+		    "${CONFIG_KBC1126_FW1}"
+	[ -z "${CONFIG_VGA_BIOS_FILE}" ] || \
+		fetch "e6400vga" "${E6400_VGA_DL_url}" \
+		    "${E6400_VGA_DL_url_bkup}" "${E6400_VGA_DL_hash}" \
+		    "${CONFIG_VGA_BIOS_FILE}"
+	[ -z "${CONFIG_HAVE_MRC}" ] && return 0
+	fetch "mrc" "${MRC_url}" "${MRC_url_bkup}" "${MRC_hash}" \
+	    "${CONFIG_MRC_FILE}"
+}
+
+extract_intel_me()
+{
+	_me="${PWD}/${_dest}" # must always be an absolute path
+	cdir="${PWD}/${appdir}" # must always be an absolute path
+	[ $# -gt 0 ] && _me="${1}"
+	[ $# -gt 0 ] && cdir="${2}"
+	[ -f "${_me}" ] && return 0
+
+	sdir="$(mktemp -d)"
+	mkdir -p "${sdir}" || err "extract_intel_me: !mkdir -p \"${sdir}\""
+	(
+	cd "${cdir}" || err "extract_intel_me: !cd \"${cdir}\""
+	for i in *; do
+		[ -f "${_me}" ] && break
+		[ -L "${i}" ] && continue
+		if [ -f "${i}" ]; then
+			"${mecleaner}" -r -t -O "${sdir}/vendorfile" \
+			    -M "${_me}" "${i}" && break
+			"${mecleaner}" -r -t -O "${_me}" "${i}" && break
+			"${me7updateparser}" -O "${_me}" "${i}" && break
+			_7ztest="${_7ztest}a"
+			extract_archive "${i}" "${_7ztest}" || continue
+			extract_intel_me "${_me}" "${cdir}/${_7ztest}"
+		elif [ -d "$i" ]; then
+			extract_intel_me "${_me}" "${cdir}/${i}"
+		else
+			continue
+		fi
+		cdir="${1}"
+		cd "${cdir}"
+	done
+	)
+	rm -Rf "${sdir}" || err "extract_intel_me: !rm -Rf ${sdir}"
+}
+
+extract_kbc1126ec()
+{
+	(
+	x_ cd "${appdir}/"
+	mv Rompaq/68*.BIN ec.bin || :
+	if [ ! -f ec.bin ]; then
+		unar -D ROM.CAB Rom.bin || unar -D Rom.CAB Rom.bin || \
+		    x_ unar -D 68*.CAB Rom.bin
+		x_ mv Rom.bin ec.bin
+	fi
+	[ -f ec.bin ] || err "extract_kbc1126_ec ${board}: can't extract"
+	"${kbc1126_ec_dump}" ec.bin || \
+	    err "extract_kbc1126_ec ${board}: can't extract ecfw1/2.bin"
+	)
+	ec_ex="y"
+	for i in 1 2; do
+		[ -f "${appdir}/ec.bin.fw${i}" ] || ec_ex="n"
+	done
+	[ "${ec_ex}" = "y" ] || \
+	    err "extract_kbc1126_ec ${board}: didn't extract ecfw1/2.bin"
+	x_ cp "${appdir}/"ec.bin.fw* "${_dest%/*}/"
+}
+
+extract_e6400vga()
+{
+	[ "${E6400_VGA_offset}" = "" ] && \
+		err "extract_e6400vga: E6400 VGA offset not defined"
+	[ "${E6400_VGA_romname}" = "" ] && \
+		err "extract_e6400vga: E6400 VGA ROM name not defined"
+	tail -c +${E6400_VGA_offset} "${_dl}" | \
+	    gunzip >"${appdir}/bios.bin" || :
+	(
+	x_ cd "${appdir}"
+	[ -f "bios.bin" ] || err "extract_e6400vga: can't extract bios.bin"
+	"${e6400_unpack}" bios.bin || printf "TODO: fix dell extract util\n"
+	[ -f "${E6400_VGA_romname}" ] || \
+		err "extract_e6400vga: can't extract vga rom from bios.bin"
+	)
+	x_ cp "${appdir}/${E6400_VGA_romname}" "${_dest}"
+}
+
+extract_sch5545ec()
+{
+	# full system ROM (UEFI), to extract with UEFIExtract:
+	_bios="${_dl}_extracted/Firmware"
+	_bios="${_bios}/1 ${dlsum} -- 1 System BIOS vA.28.bin"
+	# this is the SCH5545 firmware, inside of the extracted UEFI ROM:
+	_sch5545ec_fw="${_bios}.dump/4 7A9354D9-0468-444A-81CE-0BF617D890DF"
+	_sch5545ec_fw="${_sch5545ec_fw}/54 D386BEB8-4B54-4E69-94F5-06091F67E0D3"
+	_sch5545ec_fw="${_sch5545ec_fw}/0 Raw section/body.bin" # <-- this!
+
+	# this makes the file defined by _sch5545ec_fw available to copy
+	"${uefiextract}" "${_bios}" || \
+	    err "extract_sch5545ec: cannot extract from uefi image"
+	cp "${_sch5545ec_fw}" "${_dest}" || \
+	    err "extract_sch5545ec: cannot copy sch5545ec firmware file"
+}
+
+main $@
diff --git a/script/update/vendor/inject b/script/update/vendor/inject
new file mode 100755
index 00000000..eac4da37
--- /dev/null
+++ b/script/update/vendor/inject
@@ -0,0 +1,316 @@
+#!/usr/bin/env sh
+# SPDX-License-Identifier: GPL-3.0-only
+# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com>
+# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com>
+# SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org>
+
+. "include/err.sh"
+. "include/vendor.sh"
+. "include/option.sh"
+
+release_archive="n"
+
+main()
+{
+	[ $# -lt 1 ] && err "No options specified."
+	[ "${1}" = "listboards" ] && \
+		listitems config/coreboot && exit 0
+
+	archive="${1}"
+
+	while getopts r:b:m: option
+	do
+		case "${option}" in
+		r) rom=${OPTARG} ;;
+		b) board=${OPTARG} ;;
+		m) modifygbe=true
+		   new_mac=${OPTARG} ;;
+		esac
+	done
+
+	check_board
+	build_dependencies
+	inject_vendorfiles
+
+	printf "Friendly reminder (this is *not* an error message):\n"
+	printf "Please always ensure that the files were inserted correctly.\n"
+}
+
+check_board()
+{
+	if ! check_release "${archive}" ; then
+		[ -f "${rom}" ] || \
+			err "check_board: \"${rom}\" is not a valid path"
+		[ -z ${rom+x} ] && \
+			err "check_board: no rom specified"
+		[ ! -z ${board+x} ] || \
+			board=$(detect_board "${rom}")
+	else
+		release=true
+		releasearchive="${archive}"
+		board=$(detect_board "${archive}")
+	fi
+
+	boarddir="${cbcfgsdir}/${board}"
+	[ -d "${boarddir}" ] && return 0
+	err "check_board: board ${board} not found"
+}
+
+check_release()
+{
+	[ -f "${archive}" ] || return 1
+	[ "${archive##*.}" = "xz" ] || return 1
+	printf "%s\n" "Release archive ${archive} detected"
+}
+
+# This function tries to determine the board from the filename of the rom.
+# It will only succeed if the filename is not changed from the build/download
+detect_board()
+{
+	path="${1}"
+	filename=$(basename ${path})
+	case ${filename} in
+	grub_*)
+		board=$(echo "${filename}" | cut -d '_' -f2-3) ;;
+	seabios_withgrub_*)
+		board=$(echo "${filename}" | cut -d '_' -f3-4) ;;
+	*.tar.xz)
+		_stripped_prefix=${filename#*_}
+		board="${_stripped_prefix%.tar.xz}" ;;
+	*)
+		err "detect_board: could not detect board type"
+	esac	
+	[ -d "${boarddir}/" ] || \
+		err "detect_board: dir, ${boarddir}, doesn't exist"
+	printf "%s\n" "${board}"
+}
+
+build_dependencies()
+{
+	[ -d "${cbdir}" ] || x_ ./update project trees coreboot default
+	x_ ./build coreboot utils default
+	x_ ./update vendor download ${board}
+}
+
+inject_vendorfiles()
+{
+	release_archive="n"
+	[ "${release}" != "true" ] && x_ patch_rom "${rom}" && return 0
+	printf "patching release file\n"
+	release_archive="y"
+	patch_release_roms
+}
+
+patch_release_roms()
+{
+	_tmpdir="tmp/romdir"
+	x_ rm -Rf "${_tmpdir}"
+	x_ mkdir -p "${_tmpdir}"
+	x_ tar -xf "${releasearchive}" -C "${_tmpdir}"
+
+	for x in "${_tmpdir}"/bin/*/*.rom ; do
+		printf "patching rom: %s\n" "$x"
+		x_ patch_rom "${x}"
+	done
+	for x in "${_tmpdir}"/bin/*/*_nomicrocode.rom ; do
+		[ -f "${x}" ] || continue
+		[ -f "${x%_nomicrocode.rom}.rom" ] || continue
+
+		x_ cp "${x%_nomicrocode.rom}.rom" "${x}"
+		x_ "${cbfstool}" "${x}" remove -n cpu_microcode_blob.bin
+	done
+
+	(
+	x_ cd "${_tmpdir}/bin/"*
+
+	# NOTE: For compatibility with older rom releases, defer to sha1
+	sha512sum --status -c vendorhashes || \
+	    sha1sum --status -c vendorhashes || \
+	    sha512sum --status -c blobhashes || \
+	    sha1sum --status -c blobhashes || \
+	    err "patch_release_roms: ROMs did not match expected hashes"
+	)
+
+	if [ "${modifygbe}" = "true" ]; then
+		for x in "${_tmpdir}"/bin/*/*.rom ; do
+			modify_gbe "${x}"
+		done
+	fi
+
+	[ -d bin/release ] || x_ mkdir -p bin/release
+	x_ mv "${_tmpdir}"/bin/* bin/release/
+
+	printf "Success! Your ROMs are in bin/release\n"
+
+	x_ rm -Rf "${_tmpdir}"
+}
+
+patch_rom()
+{
+	rom="${1}"
+
+	# we don't process no-microcode roms; these are
+	# instead re-created at the end, after re-inserting
+	# on roms with microcode, by copying and then removing,
+	# so that the hashes will match (otherwise, cbfstool
+	# may sometimes insert certain vendor files at the wrong offset)
+	# (unless nomicrocode is the only config provided)
+	[ "${rom}" != "${rom%_nomicrocode.rom}.rom" ] && \
+	[ -f "${rom%_nomicrocode.rom}.rom" ] && \
+	[ "${release_archive}" = "y" ] && return 0
+
+	x_ check_defconfig "${boarddir}"
+
+	set -- "${boarddir}/config/"*
+	. "${1}" 2>/dev/null
+
+	[ "$CONFIG_HAVE_MRC" = "y" ] && \
+		inject_vendorfile_intel_mrc "${rom}"
+	[ "${CONFIG_HAVE_ME_BIN}" = "y" ] && \
+		inject_vendorfile_intel_me "${rom}"
+	[ "${CONFIG_KBC1126_FIRMWARE}" = "y" ] && \
+		inject_vendorfile_hp_kbc1126_ec "${rom}"
+	[ "${CONFIG_VGA_BIOS_FILE}" != "" ] && \
+	    [ "${CONFIG_VGA_BIOS_ID}" != "" ] && \
+		inject_vendorfile_dell_e6400_vgarom_nvidia "${rom}"
+	[ "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" = "y" ] && \
+	    [ "${CONFIG_SMSC_SCH5545_EC_FW_FILE}" != "" ] && \
+		inject_vendorfile_smsc_sch5545_ec "${rom}"
+	[ "${modifygbe}" = "true" ] && ! [ "${release}" = "true" ] && \
+		modify_gbe "${rom}"
+
+	printf "ROM image successfully patched: %s\n" "${rom}"
+}
+
+inject_vendorfile_intel_mrc()
+{
+	rom="${1}"
+
+	printf "adding mrc\n"
+
+	# mrc.bin must be inserted at a specific offset
+
+	# in cbfstool, -b values above 0x80000000 are interpreted as
+	# top-aligned x86 memory locations. this is converted into an
+	# absolute offset within the flash, and inserted accordingly
+	# at that offset into the ROM image file
+
+	# coreboot's own build system hardcodes the mrc.bin offset
+	# because there is only one correct location in memory, but
+	# it would be useful for us if it could be easily scanned
+	# from Kconfig, with the option to change it where in practise
+	# it is not changed
+
+	# the hardcoded offset below is based upon reading of the coreboot
+	# source code, and it is *always* correct for haswell platform.
+	# TODO: this logic should be tweaked to handle more platforms
+
+	x_ "${cbfstool}" "${rom}" add -f mrc/haswell/mrc.bin -n mrc.bin \
+	    -t mrc -b 0xfffa0000
+}
+
+inject_vendorfile_intel_me()
+{
+	printf "adding intel me firmware\n"
+
+	rom="${1}"
+	[ -z ${CONFIG_ME_BIN_PATH} ] && \
+		err "inject_vendorfile_intel_me: CONFIG_ME_BIN_PATH not set"
+
+	_me_location=${CONFIG_ME_BIN_PATH##*../}
+	[ ! -f "${_me_location}" ] && \
+		err "inject_vendorfile_intel_me: per CONFIG_ME_BIN_PATH: file missing"
+
+	x_ "${ifdtool}" -i me:"${_me_location}" "${rom}" -O "${rom}"
+}
+
+inject_vendorfile_hp_kbc1126_ec()
+{
+	rom="${1}"
+
+	_ec1_location="${CONFIG_KBC1126_FW1##*../}"
+	_ec1_offset="${CONFIG_KBC1126_FW1_OFFSET}"
+	_ec2_location="${CONFIG_KBC1126_FW2##*../}"
+	_ec2_offset="${CONFIG_KBC1126_FW2_OFFSET}"
+
+	printf "adding hp kbc1126 ec firmware\n"
+
+	if [ "${_ec1_offset}" = "" ] || [ "${_ec1_offset}" = "" ]; then
+		err "inject_vendorfile_hp_kbc1126_ec: ${board}: offset not declared"
+	elif [ "${_ec1_location}" = "" ] || [ "${_ec2_location}" = "" ]; then
+		err "inject_vendorfile_hp_kbc1126_ec: ${board}: EC path not declared"
+	elif [ ! -f "${_ec1_location}" ] || [ ! -f "${_ec2_location}" ]; then
+		err "inject_vendorfile_hp_kbc1126_ec: ${board}: ecfw not downloaded"
+	fi
+
+	x_ "${cbfstool}" "${rom}" add -f "${_ec1_location}" -n ecfw1.bin \
+	    -b ${_ec1_offset} -t raw
+	x_ "${cbfstool}" "${rom}" add -f "${_ec2_location}" -n ecfw2.bin \
+	    -b ${_ec2_offset} -t raw
+}
+
+inject_vendorfile_dell_e6400_vgarom_nvidia()
+{
+	rom="${1}"
+
+	_vga_location="${CONFIG_VGA_BIOS_FILE##*../}"
+	_vga_dir="${_vga_location%/*}"
+	_vga_filename="${_vga_location##*/}"
+
+	printf "adding pci option rom\n"
+
+	[ "${_vga_dir}" = "${pciromsdir}" ] || \
+		err "inject_vendorfile_dell_e6400vga: invalid pcirom dir: ${_vga_dir}"
+	[ -f "${_vga_location}" ] || \
+		err "inject_vendorfile_dell_e6400vga: ${_vga_location} doesn't exist"
+
+	x_ "${cbfstool}" "${rom}" add -f "${_vga_location}" \
+	    -n "pci${CONFIG_VGA_BIOS_ID}.rom" -t optionrom
+}
+
+inject_vendorfile_smsc_sch5545_ec()
+{
+	rom="${1}"
+	_sch5545ec_location="${CONFIG_SMSC_SCH5545_EC_FW_FILE##*../}"
+	[ -f "${_sch5545ec_location}" ] || \
+		err "inject_vendorfile_smsc_sch5545_ec: SCH5545 fw missing"
+
+	x_ "${cbfstool}" "${rom}" add -f "${_sch5545ec_location}" \
+	    -n sch5545_ecfw.bin -t raw
+}
+
+modify_gbe()
+{
+	printf "changing mac address in gbe to ${new_mac}\n"
+	[ -z ${CONFIG_GBE_BIN_PATH} ] && \
+		err "modify_gbe: ${board}: CONFIG_GBE_BIN_PATH not set"
+
+	rom="${1}"
+	_gbe_location=${CONFIG_GBE_BIN_PATH##*../}
+	[ -f "${_gbe_location}" ] || \
+		err "modify_gbe: CONFIG_GBE_BIN_PATH points to missing file"
+	[ -f "${nvmutil}" ] || \
+		x_ make -C util/nvmutil
+
+	_gbe_tmp=$(mktemp -t gbeXXXX.bin)
+	x_ cp "${_gbe_location}" "${_gbe_tmp}"
+	x_ "${nvmutil}" "${_gbe_tmp}" setmac "${new_mac}"
+	x_ "${ifdtool}" -i GbE:"${_gbe_tmp}" "${rom}" -O "${rom}"
+
+	x_ rm -f "${_gbe_tmp}"
+}
+
+usage()
+{
+	cat <<- EOF
+	USAGE: ./update vendor inject -r [rom path] -b [boardname] -m [macaddress]
+	Example: ./update vendor inject -r x230_12mb.rom -b x230_12mb
+
+	Adding a macadress to the gbe is optional.
+	If the [-m] parameter is left blank, the gbe will not be touched.
+
+	Type './update vendor inject listboards' to get a list of valid boards
+	EOF
+}
+
+main $@