diff options
Diffstat (limited to 'script/update')
-rwxr-xr-x | script/update/project/release | 132 | ||||
-rwxr-xr-x | script/update/project/trees | 18 | ||||
-rwxr-xr-x | script/update/vendor/download | 4 | ||||
-rwxr-xr-x | script/update/vendor/inject | 188 |
4 files changed, 116 insertions, 226 deletions
diff --git a/script/update/project/release b/script/update/project/release index 3b869f6a..0fd29e82 100755 --- a/script/update/project/release +++ b/script/update/project/release @@ -7,9 +7,8 @@ set -u -e . "include/err.sh" -eval "$(setvars "" vdir basename src_dirname srcdir _nogit _xm target romdir \ - microcode_required CONFIG_HAVE_MRC CONFIG_HAVE_ME_BIN \ - CONFIG_KBC1126_FIRMWARE CONFIG_INCLUDE_SMSC_SCH5545_EC_FW)" +eval "$(setvars "" vdir relname src_dirname srcdir _nogit _xm target romdir \ + microcode_required mode)" _f="coreboot u-boot seabios flashrom grub memtest86plus uefitool" _f="${_f} bios_extract biosutilities pico-serprog stm32-vserprog" @@ -21,18 +20,18 @@ cbfstool="cbutils/default/cbfstool" main() { vdir="release" - while getopts d: option - do - case "${1}" in - -d) vdir="${2}" ;; + while getopts d:m: option; do + [ -z "${OPTARG}" ] && err "Empty argument not allowed" + case "${option}" in + d) vdir="${OPTARG}" ;; + m) mode="${OPTARG}" ;; *) err "Invalid option" ;; esac done - [ -z "${vdir}" ] && err "Empty directory names not allowed" vdir="${vdir}/${version}" - basename="${projectname}-${version}" - src_dirname="${basename}_src" + relname="${projectname}-${version}" + src_dirname="${relname}_src" srcdir="${vdir}/${src_dirname}" [ -e "${vdir}" ] && err "already exists: \"${vdir}\"" @@ -72,15 +71,18 @@ build_release() _xm="build_release ${vdir}" ( cd "${srcdir}" || err "${_xm}: !cd \"${srcdir}\"" - fetch_trees - mkrom_images - clean_release ) ( cd "${srcdir%/*}" || err "${_xm}: mktarball \"${srcdir}\"" mktarball "${srcdir##*/}" "${srcdir##*/}.tar.xz" || err "${_xm}: mksrc" ) + if [ "${mode}" != "src" ]; then + ( + cd "${srcdir}" || err "${_xm}: 2 !cd \"${srcdir}\"" + mkrom_images + ) + fi rm -Rf "${srcdir}" || err "${_xm}: !rm -Rf \"${srcdir}\"" } @@ -89,16 +91,14 @@ fetch_trees() for x in ${_f}; do ./update project trees -f "${x}" || err "${_xm}: fetch ${x}" done - - x_ rm -Rf src/coreboot/coreboot src/u-boot/u-boot src/seabios/seabios - - # by doing this first, we build-test under the same conditions as - # the user, when they extract and build from the src tarball. this - # saves time on build-testing, because we build once, not twice. thus: - + for x in config/*/build.list; do + [ -f "${x}" ] || continue + xp="${x#*/}"; xp="${xp%/*}" + [ -L "${xp}" ] || x_ rm -Rf "src/${xp}/${xp}" + done rm -Rf */.git* */*/.git* */*/*/.git* */*/*/*/.git* */*/*/*/*/.git* \ - */*/*/*/*/*/.git* */*/*/*/*/*/*/.git* */*/*/*/*/*/*/*/.git* || \ - err "${_xm}: rm-dotgit" + */*/*/*/*/*/.git* */*/*/*/*/*/*/.git* */*/*/*/*/*/*/*/.git* \ + .git tmp || err "${_xm}: rm-dotgit" } mkrom_images() @@ -124,7 +124,7 @@ handle_rom_archive() if [ ! -f "config/coreboot/${target}/target.cfg" ]; then # No config, just make a tarball - tarball="release/${version}/roms/${basename}_${target}.tar.xz" + tarball="release/${version}/roms/${relname}_${target}.tar.xz" insert_copying_files "${builddir}" mktarball "${builddir}" "${tarball}" return 0 @@ -134,7 +134,7 @@ handle_rom_archive() x_ mkdir -p "${romdir}" x_ cp "${builddir}/"* "${romdir}" - handle_vendorfiles + nukerom printf "Generating release/%s/roms/%s-%s_%s.tar.xz\n" \ "${version}" "${projectname}" "${version}" "${target##*/}" @@ -145,30 +145,12 @@ handle_rom_archive() mkrom_tarball } -handle_vendorfiles() +nukerom() { microcode_required="y" . "config/coreboot/${target}/target.cfg" if [ "${microcode_required}" != "y" ] && \ [ "${microcode_required}" != "n" ]; then microcode_required="y"; fi - - for x in CONFIG_HAVE_MRC CONFIG_HAVE_ME_BIN CONFIG_KBC1126_FIRMWARE \ - CONFIG_INCLUDE_SMSC_SCH5545_EC_FW; do - eval "${x}=\"y\"" - grep "${x}=y" "config/coreboot/${target}/config/"* || \ - eval "${x}=\"n\"" - done - - # remove ME/MRC/EC firmware from ROM images - if [ "${CONFIG_HAVE_ME_BIN}" = "y" ] || \ - [ "${target}" = "e6400_4mb" ] || \ - [ "${microcode_required}" = "n" ]; then - strip_archive - fi -} - -strip_archive() -{ if [ "${microcode_required}" = "n" ]; then for romfile in "${romdir}"/*.rom; do [ -f "${romfile}" ] || continue @@ -180,16 +162,18 @@ strip_archive() done fi - # Hash the rom before removing vendor files + # Hash the images before removing vendor files + # which ./update vendor inject uses for verification x_ rm -f "${romdir}/vendorhashes" x_ touch "${romdir}/vendorhashes" ( x_ cd "${romdir}" x_ sha512sum *.rom >> vendorhashes ) + for romfile in "${romdir}"/*.rom; do [ -f "${romfile}" ] || continue - strip_rom_image "${romfile}" + x_ ./update vendor inject -r "${romfile}" -b ${target} -n nuke done } @@ -207,24 +191,6 @@ strip_ucode() x_ mv "${romfile}" "${_newrom_b}" } -strip_rom_image() -{ - [ -f "${1}" ] || return 0 - [ "${CONFIG_HAVE_ME_BIN}" != "y" ] || \ - x_ "${ifdtool}" --nuke me "${1}" -O "${1}" - [ "${CONFIG_HAVE_MRC}" != "y" ] || \ - x_ "${cbfstool}" "${1}" remove -n mrc.bin - [ "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" != "y" ] || \ - x_ "${cbfstool}" "${1}" remove -n sch5545_ecfw.bin - if [ "${CONFIG_KBC1126_FIRMWARE}" = "y" ]; then - x_ "${cbfstool}" "${1}" remove -n ecfw1.bin - x_ "${cbfstool}" "${1}" remove -n ecfw2.bin - fi - # TODO: replace this board-specific hack - [ "${target}" = "e6400_4mb" ] || return 0 - x_ "${cbfstool}" "${1}" remove -n "pci10de,06eb.rom" -} - insert_copying_files() { x_ rm -Rf "${1}/licenses" @@ -241,7 +207,7 @@ insert_copying_files() mkrom_tarball() { - archivename="${basename}_${target##*/}" + archivename="${relname}_${target##*/}" f="release/${version}/roms/${archivename}" x_ mkdir -p "${f%/*}" ( @@ -253,32 +219,6 @@ mkrom_tarball() printf "Created ROM archive: ${f%/*}/${archivename}.tar.xz" } -clean_release() -{ - for x in "src/coreboot/default/util/kbc1126" util/*; do - [ ! -f "${x}/Makefile" ] && continue - x_ make clean -C "${x}" - done - - for x in ${_f}; do - ./update project trees -c "${x}" || err "${_xm}: pclean ${x}" - done - ./update project trees -x coreboot || err "${_xm}: clean-crossgcc" - ./update project trees -c "stm32-vserprog/libopencm3" - - # make absolutely sure crossgcc was purged. for some reason, - # crossgcc-clean isn't always reliable on every coreboot tree - for xgcc in "build-" "binutils-" "gcc-" "gmp-" "mpc-" "mpfr-" \ - "llvm-" "clang-tools-" "cfe-" "compiler-rt-" "acpica-" \ - "getopt" "xgcc"; do - x_ rm -Rf src/coreboot/*/util/crossgcc/${xgcc}* - done - - rm -Rf vendor mrc ec pciroms || err "${_xm}: vendor files" - rm -Rf elf tmp cbutils src/pico-serprog/build release bin || \ - err "${_xm}: elf, tmp, cbutils, pico-serprog/build" -} - insert_version_files() { printf "%s\n" "${version}" > "${1}/version" || return 1 @@ -288,8 +228,18 @@ insert_version_files() mktarball() { + # preserve timestamps for reproducible tarballs + tar_implementation=$(tar --version | head -n1) || : + [ "${2%/*}" = "${2}" ] || x_ mkdir -p "${2%/*}" - x_ tar -c "${1}" | xz -T0 -9e > "${2}" + if [ "${tar_implementation% *}" = "tar (GNU tar)" ]; then + tar --sort=name --owner=root:0 --group=root:0 \ + --mtime="UTC 2023-10-14" -c "${1}" | xz -T0 -9e > "${2}" || \ + err "mktarball 1, ${1}" + else + # TODO: reproducible tarballs on non-GNU systems + tar -c "${1}" | xz -T0 -9e > "${2}" || err "mktarball 2, ${1}" + fi ( [ "${2%/*}" != "${2}" ] && x_ cd "${2%/*}" x_ sha512sum "${2##*/}" > "${2##*/}.sha512" diff --git a/script/update/project/trees b/script/update/project/trees index 6a31d8d0..bb0899f0 100755 --- a/script/update/project/trees +++ b/script/update/project/trees @@ -1,6 +1,6 @@ #!/usr/bin/env sh # SPDX-License-Identifier: GPL-3.0-or-later -# SPDX-FileCopyrightText: 2022 Alper Nebi Yasak <alpernebiyasak@gmail.com> +# SPDX-FileCopyrightText: 2022-2023 Alper Nebi Yasak <alpernebiyasak@gmail.com> # SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> # SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org> @@ -21,7 +21,7 @@ tmpclean="$(mktemp -d -t makeclean.XXXXXXXXXX)" main() { - while getopts f:b:m:u:c:x: option + while getopts f:b:m:u:c:x:s:l:n: option do _f="${1}" case "${1}" in @@ -31,11 +31,14 @@ main() -c) mode="distclean" ;; -x) mode="crossgcc-clean" ;; -f) mode="fetch" ;; + -s) mode="savedefconfig" ;; + -l) mode="olddefconfig" ;; + -n) mode="nconfig" ;; *) err "Invalid option" ;; esac shift; project="${OPTARG#src/}"; shift done - [ -z "${_f}" ] && err "flag not specified (-m, -u, -b, -c or -x)" + [ -z "${_f}" ] && err "flag not specified (-m, -u, -b, -c, -x, -f, -s, -l or -n)" [ -z "${project}" ] && err "project name not specified" if [ ! -f "config/${project}/build.list" ]; then @@ -193,9 +196,7 @@ check_cross_compiler() cbdir="src/coreboot/${tree}" [ "${project}" != "coreboot" ] && \ - cbdir="src/coreboot/default" # not u-boot (e.g. linux) - [ "${project}" = "u-boot" ] && \ - cbdir="src/coreboot/cros" # u-boot only used on coreboot/cros + cbdir="src/coreboot/default" # only true if not building coreboot: ctarget="${cbdir#src/coreboot/}" @@ -263,8 +264,11 @@ handle_makefile() if [ -e "${codedir}/.git" ] && [ "${project}" = "u-boot" ] && \ [ "${mode}" = "distclean" ]; then x_ git -C "${codedir}" clean -fdx - elif [ "${mode}" = "oldconfig" ] || [ "${mode}" = "menuconfig" ]; then + elif [ "${mode}" = "oldconfig" ] || [ "${mode}" = "olddefconfig" ] || \ + [ "${mode}" = "menuconfig" ] || [ "${mode}" = "nconfig" ]; then x_ cp "${codedir}/.config" "${config}" + elif [ "${mode}" = "savedefconfig" ]; then + x_ cp "${codedir}/defconfig" "${config}" fi } diff --git a/script/update/vendor/download b/script/update/vendor/download index 2d90b9b0..6c83b0ca 100755 --- a/script/update/vendor/download +++ b/script/update/vendor/download @@ -50,7 +50,9 @@ build_dependencies() x_ ./update project trees -b uefitool [ -f "${kbc1126_ec_dump}" ] || \ x_ make -C "${cbdir}/util/kbc1126" - x_ ./update project trees -b coreboot utils default + if [ ! -f "${cbfstool}" ] || [ ! -f "${ifdtool}" ]; then + x_ ./update project trees -b coreboot utils default + fi } download_vendorfiles() diff --git a/script/update/vendor/inject b/script/update/vendor/inject index 3340a723..10692196 100755 --- a/script/update/vendor/inject +++ b/script/update/vendor/inject @@ -18,9 +18,9 @@ main() archive="${1}" - while getopts r:b:m: option - do + while getopts n:r:b:m: option; do case "${option}" in + n) nukemode="${OPTARG}" ;; r) rom=${OPTARG} ;; b) board=${OPTARG} ;; m) modifygbe=true @@ -31,7 +31,7 @@ main() check_board build_dependencies inject_vendorfiles - + [ "${nukemode}" = "nuke" ] && return 0 printf "Friendly reminder (this is *not* an error message):\n" printf "Please always ensure that the files were inserted correctly.\n" } @@ -88,7 +88,11 @@ detect_board() build_dependencies() { [ -d "${cbdir}" ] || x_ ./update project trees -f coreboot default - x_ ./update project trees -b coreboot utils default + if [ ! -f "${cbfstool}" ] || [ ! -f "${ifdtool}" ]; then + x_ ./update project trees -b coreboot utils default + fi + [ -z "${new_mac}" ] || [ -f "${nvmutil}" ] || x_ make -C util/nvmutil + [ "${nukemode}" = "nuke" ] && return 0 x_ ./update vendor download ${board} } @@ -124,7 +128,8 @@ patch_release_roms() x_ cd "${_tmpdir}/bin/"* # NOTE: For compatibility with older rom releases, defer to sha1 - sha512sum --status -c vendorhashes || \ + [ "${nukemode}" = "nuke" ] || \ + sha512sum --status -c vendorhashes || \ sha1sum --status -c vendorhashes || \ sha512sum --status -c blobhashes || \ sha1sum --status -c blobhashes || \ @@ -165,139 +170,68 @@ patch_rom() . "${1}" 2>/dev/null [ "$CONFIG_HAVE_MRC" = "y" ] && \ - inject_vendorfile_intel_mrc "${rom}" + inject "mrc.bin" "${CONFIG_MRC_FILE}" "mrc" "0xfffa0000" [ "${CONFIG_HAVE_ME_BIN}" = "y" ] && \ - inject_vendorfile_intel_me "${rom}" + inject "IFD" "${CONFIG_ME_BIN_PATH}" "me" [ "${CONFIG_KBC1126_FIRMWARE}" = "y" ] && \ - inject_vendorfile_hp_kbc1126_ec "${rom}" - [ "${CONFIG_VGA_BIOS_FILE}" != "" ] && \ - [ "${CONFIG_VGA_BIOS_ID}" != "" ] && \ - inject_vendorfile_dell_e6400_vgarom_nvidia "${rom}" + inject "ecfw1.bin" "$CONFIG_KBC1126_FW1" "raw" \ + "${CONFIG_KBC1126_FW1_OFFSET}" && \ + inject "ecfw2.bin" "$CONFIG_KBC1126_FW2" "raw" \ + "${CONFIG_KBC1126_FW2_OFFSET}" + [ ! -z "${CONFIG_VGA_BIOS_FILE}" ] && \ + [ ! -z "${CONFIG_VGA_BIOS_ID}" ] && \ + inject "pci${CONFIG_VGA_BIOS_ID}.rom" \ + "${CONFIG_VGA_BIOS_FILE}" "optionrom" [ "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" = "y" ] && \ - [ "${CONFIG_SMSC_SCH5545_EC_FW_FILE}" != "" ] && \ - inject_vendorfile_smsc_sch5545_ec "${rom}" + [ ! -z "${CONFIG_SMSC_SCH5545_EC_FW_FILE}" ] && \ + inject "sch5545_ecfw.bin" "$CONFIG_SMSC_SCH5545_EC_FW_FILE" raw [ "${modifygbe}" = "true" ] && ! [ "${release}" = "true" ] && \ - modify_gbe "${rom}" + inject "IFD" "${CONFIG_GBE_BIN_PATH}" "GbE" printf "ROM image successfully patched: %s\n" "${rom}" } -inject_vendorfile_intel_mrc() -{ - rom="${1}" - - printf "adding mrc\n" - - # mrc.bin must be inserted at a specific offset - - # in cbfstool, -b values above 0x80000000 are interpreted as - # top-aligned x86 memory locations. this is converted into an - # absolute offset within the flash, and inserted accordingly - # at that offset into the ROM image file - - # coreboot's own build system hardcodes the mrc.bin offset - # because there is only one correct location in memory, but - # it would be useful for us if it could be easily scanned - # from Kconfig, with the option to change it where in practise - # it is not changed - - # the hardcoded offset below is based upon reading of the coreboot - # source code, and it is *always* correct for haswell platform. - # TODO: this logic should be tweaked to handle more platforms - - x_ "${cbfstool}" "${rom}" add -f mrc/haswell/mrc.bin -n mrc.bin \ - -t mrc -b 0xfffa0000 -} - -inject_vendorfile_intel_me() +inject() { - printf "adding intel me firmware\n" - - rom="${1}" - [ -z "${CONFIG_ME_BIN_PATH}" ] && \ - err "inject_vendorfile_intel_me: CONFIG_ME_BIN_PATH not set" - - _me_location=${CONFIG_ME_BIN_PATH##*../} - [ ! -f "${_me_location}" ] && \ - err "inject_vendorfile_intel_me: per CONFIG_ME_BIN_PATH: file missing" - - x_ "${ifdtool}" -i me:"${_me_location}" "${rom}" -O "${rom}" -} - -inject_vendorfile_hp_kbc1126_ec() -{ - rom="${1}" - - _ec1_location="${CONFIG_KBC1126_FW1##*../}" - _ec1_offset="${CONFIG_KBC1126_FW1_OFFSET}" - _ec2_location="${CONFIG_KBC1126_FW2##*../}" - _ec2_offset="${CONFIG_KBC1126_FW2_OFFSET}" - - printf "adding hp kbc1126 ec firmware\n" - - if [ "${_ec1_offset}" = "" ] || [ "${_ec1_offset}" = "" ]; then - err "inject_vendorfile_hp_kbc1126_ec: ${board}: offset not declared" - elif [ "${_ec1_location}" = "" ] || [ "${_ec2_location}" = "" ]; then - err "inject_vendorfile_hp_kbc1126_ec: ${board}: EC path not declared" - elif [ ! -f "${_ec1_location}" ] || [ ! -f "${_ec2_location}" ]; then - err "inject_vendorfile_hp_kbc1126_ec: ${board}: ecfw not downloaded" + [ $# -lt 3 ] && \ + err "inject $@, $rom: usage: inject name path type (offset)" + + eval "$(setvars "" cbfsname _dest _t _offset)" + cbfsname="${1}" + _dest="${2##*../}" + _t="${3}" + [ $# -gt 3 ] && _offset="-b ${4}" && [ -z "${4}" ] && \ + err "inject $@, $rom: offset passed, but empty (not defined)" + + [ -z "${_dest}" ] && err "inject $@, ${rom}: empty destination path" + [ ! -f "${_dest}" ] && [ "${nukemode}" != "nuke" ] && \ + err "inject_${dl_type}: file missing, ${_dest}" + + [ "$nukemode" = "nuke" ] || \ + printf "Inserting %s/%s into file: %s\n" \ + "${cbfsname}" "${_t}" "$rom" + + if [ "${_t}" = "GbE" ]; then + x_ mkdir -p tmp + x_ cp "${_dest}" "tmp/gbe.bin" + _dest="tmp/gbe.bin" + x_ "${nvmutil}" "${_dest}" setmac "${new_mac}" fi + if [ "${cbfsname}" = "IFD" ]; then + if [ "${nukemode}" != "nuke" ]; then + x_ "${ifdtool}" -i ${_t}:${_dest} "${rom}" -O "$rom" + else + x_ "${ifdtool}" --nuke ${_t} "${rom}" -O "${rom}" + fi + else + if [ "${nukemode}" != "nuke" ]; then + x_ "${cbfstool}" "${rom}" add -f "${_dest}" \ + -n "${cbfsname}" -t ${_t} ${_offset} + else + x_ "${cbfstool}" "${rom}" remove -n "${cbfsname}" + fi - x_ "${cbfstool}" "${rom}" add -f "${_ec1_location}" -n ecfw1.bin \ - -b ${_ec1_offset} -t raw - x_ "${cbfstool}" "${rom}" add -f "${_ec2_location}" -n ecfw2.bin \ - -b ${_ec2_offset} -t raw -} - -inject_vendorfile_dell_e6400_vgarom_nvidia() -{ - rom="${1}" - - _vga_location="${CONFIG_VGA_BIOS_FILE##*../}" - _vga_dir="${_vga_location%/*}" - _vga_filename="${_vga_location##*/}" - - printf "adding pci option rom\n" - - [ "${_vga_dir}" = "${pciromsdir}" ] || \ - err "inject_vendorfile_dell_e6400vga: invalid pcirom dir: ${_vga_dir}" - [ -f "${_vga_location}" ] || \ - err "inject_vendorfile_dell_e6400vga: ${_vga_location} doesn't exist" - - x_ "${cbfstool}" "${rom}" add -f "${_vga_location}" \ - -n "pci${CONFIG_VGA_BIOS_ID}.rom" -t optionrom -} - -inject_vendorfile_smsc_sch5545_ec() -{ - rom="${1}" - _sch5545ec_location="${CONFIG_SMSC_SCH5545_EC_FW_FILE##*../}" - [ -f "${_sch5545ec_location}" ] || \ - err "inject_vendorfile_smsc_sch5545_ec: SCH5545 fw missing" - - x_ "${cbfstool}" "${rom}" add -f "${_sch5545ec_location}" \ - -n sch5545_ecfw.bin -t raw -} - -modify_gbe() -{ - printf "changing mac address in gbe to ${new_mac}\n" - [ -z "${CONFIG_GBE_BIN_PATH}" ] && \ - err "modify_gbe: ${board}: CONFIG_GBE_BIN_PATH not set" - - rom="${1}" - _gbe_location=${CONFIG_GBE_BIN_PATH##*../} - [ -f "${_gbe_location}" ] || \ - err "modify_gbe: CONFIG_GBE_BIN_PATH points to missing file" - [ -f "${nvmutil}" ] || \ - x_ make -C util/nvmutil - - _gbe_tmp=$(mktemp -t gbeXXXX.bin) - x_ cp "${_gbe_location}" "${_gbe_tmp}" - x_ "${nvmutil}" "${_gbe_tmp}" setmac "${new_mac}" - x_ "${ifdtool}" -i GbE:"${_gbe_tmp}" "${rom}" -O "${rom}" - - x_ rm -f "${_gbe_tmp}" + fi } usage() |