diff options
Diffstat (limited to 'script/vendor')
| -rwxr-xr-x | script/vendor/download | 246 | ||||
| -rwxr-xr-x | script/vendor/inject | 258 | 
2 files changed, 504 insertions, 0 deletions
| diff --git a/script/vendor/download b/script/vendor/download new file mode 100755 index 00000000..40244fff --- /dev/null +++ b/script/vendor/download @@ -0,0 +1,246 @@ +#!/usr/bin/env sh +# SPDX-License-Identifier: GPL-3.0-only +# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com> +# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> +# SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org> + +. "include/err.sh" +. "include/option.sh" +. "include/mrc.sh" + +export PATH="${PATH}:/sbin" + +_ua="Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0" +_7ztest="a" + +e6400_unpack="${PWD}/src/bios_extract/dell_inspiron_1100_unpacker.py" +kbc1126_ec_dump="${PWD}/${cbdir}/util/kbc1126/kbc1126_ec_dump" +me7updateparser="${PWD}/util/me7_update_parser/me7_update_parser.py" +mecleaner="${PWD}/${cbdir}/util/me_cleaner/me_cleaner.py" +pfs_extract="${PWD}/src/biosutilities/Dell_PFS_Extract.py" +uefiextract="${PWD}/src/uefitool/uefiextract" + +eval "$(setvars "" _b _dl EC_url EC_url_bkup EC_hash DL_hash DL_url DL_url_bkup \ +    E6400_VGA_DL_hash E6400_VGA_DL_url E6400_VGA_DL_url_bkup E6400_VGA_offset \ +    E6400_VGA_romname SCH5545EC_DL_url SCH5545EC_DL_url_bkup SCH5545EC_DL_hash)" + +main() +{ +	[ $# -gt 0 ] || err "No argument given" +	board="${1}" +	boarddir="${cbcfgsdir}/${board}" +	_b="${board%%_*mb}" # shorthand (avoid duplicating config per rom size) + +	check_defconfig "${boarddir}" || exit 0 +	detect_firmware && exit 0 +	scan_config "${_b}" "config/vendor" "err" + +	build_dependencies +	download_vendorfiles +} + +detect_firmware() +{ +	set -- "${boarddir}/config/"* +	. "${1}" 2>/dev/null + +	for c in CONFIG_HAVE_MRC CONFIG_HAVE_ME_BIN CONFIG_KBC1126_FIRMWARE \ +	    CONFIG_VGA_BIOS_FILE CONFIG_INCLUDE_SMSC_SCH5545_EC_FW; do +		eval "[ -z \"\${${c}}\" ] || return 1" +	done +	printf "Vendor files not needed for: %s\n" "${board}" 1>&2 +} + +build_dependencies() +{ +	[ -d ${cbdir} ] || \ +		x_ ./update trees -f coreboot ${cbdir##*/} +	for d in uefitool biosutilities bios_extract; do +		[ -d "src/${d}" ] && continue +		x_ ./update trees -f "${d}" +	done +	[ -f "${uefiextract}" ] || \ +		x_ ./update trees -b uefitool +	[ -f "${kbc1126_ec_dump}" ] || \ +		x_ make -C "${cbdir}/util/kbc1126" +	[ -f "${cbfstool}" ] && [ -f "${ifdtool}" ] && return 0 +	x_ ./update trees -b coreboot utils default +} + +download_vendorfiles() +{ +	[ -z "${CONFIG_HAVE_ME_BIN}" ] || \ +		fetch "intel_me" "${DL_url}" "${DL_url_bkup}" "${DL_hash}" \ +		    "${CONFIG_ME_BIN_PATH}" +	[ -z "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" ] || \ +		fetch "sch5545ec" "${SCH5545EC_DL_url}" \ +		    "${SCH5545EC_DL_url_bkup}" "${SCH5545EC_DL_hash}" \ +		    "${CONFIG_SMSC_SCH5545_EC_FW_FILE}" +	[ -z "${CONFIG_KBC1126_FIRMWARE}" ] || \ +		fetch "kbc1126ec" "${EC_url}" "${EC_url_bkup}" "${EC_hash}" \ +		    "${CONFIG_KBC1126_FW1}" +	[ -z "${CONFIG_VGA_BIOS_FILE}" ] || \ +		fetch "e6400vga" "${E6400_VGA_DL_url}" \ +		    "${E6400_VGA_DL_url_bkup}" "${E6400_VGA_DL_hash}" \ +		    "${CONFIG_VGA_BIOS_FILE}" +	[ -z "${CONFIG_HAVE_MRC}" ] && return 0 +	fetch "mrc" "$MRC_url" "$MRC_url_bkup" "$MRC_hash" "$CONFIG_MRC_FILE" +} + +fetch() +{ +	dl_type="${1}" +	dl="${2}" +	dl_bkup="${3}" +	dlsum="${4}" +	[ "${5# }" = "${5}" ] || err "fetch: space not allowed in _dest: '${5}'" +	[ "${5#/}" = "${5}" ] || err "fetch: absolute path not allowed: '${5}'" +	_dest="${5##*../}" +	_dl="${vendir}/cache/${dlsum}" + +	x_ mkdir -p "${_dl%/*}" + +	dl_fail="y" +	vendor_checksum "${dlsum}" "${_dl}" && dl_fail="n" +	for url in "${dl}" "${dl_bkup}"; do +		[ "${dl_fail}" = "n" ] && break +		[ -z "${url}" ] && continue +		x_ rm -f "${_dl}" +		curl --location --retry 3 -A "${_ua}" "${url}" -o "${_dl}" || \ +		    wget --tries 3 -U "${_ua}" "${url}" -O "${_dl}" || \ +		    continue +		vendor_checksum "${dlsum}" "${_dl}" && dl_fail="n" +	done +	[ "${dl_fail}" = "y" ] && \ +		err "fetch ${dlsum}: matched file unavailable" + +	x_ rm -Rf "${_dl}_extracted" +	mkdirs "${_dest}" "extract_${dl_type}" || return 0 +	eval "extract_${dl_type}" + +	[ -f "${_dest}" ] && return 0 +	err "extract_${dl_type} (fetch): missing file: '${_dest}'" +} + +vendor_checksum() +{ +	[ "$(sha512sum ${2} | awk '{print $1}')" != "${1}" ] || return 0  +	printf "Bad checksum for file: %s\n" "${2}" 1>&2 +	rm -f "${2}" || : +	return 1 +} + +mkdirs() +{ +	[ -f "${1}" ] && \ +		printf "mkdirs ${1} ${2}: already downloaded\n" 1>&2 && return 1 +	mkdir -p "${1%/*}" || err "mkdirs: !mkdir -p ${1%/*}" +	x_ rm -Rf "${appdir}" +	x_ mkdir -p "${appdir}/" +	extract_archive "${_dl}" "${appdir}" || \ +	    [ "${2}" = "extract_e6400vga" ] || err "mkdirs ${1} ${2}: !extract" +} + +extract_intel_me() +{ +	_me="${PWD}/${_dest}" # must always be an absolute path +	cdir="${PWD}/${appdir}" # must always be an absolute path +	[ $# -gt 0 ] && _me="${1}" +	[ $# -gt 0 ] && cdir="${2}" +	[ -f "${_me}" ] && return 0 + +	sdir="$(mktemp -d)" +	mkdir -p "${sdir}" || err "extract_intel_me: !mkdir -p \"${sdir}\"" +	( +	cd "${cdir}" || err "extract_intel_me: !cd \"${cdir}\"" +	for i in *; do +		[ -f "${_me}" ] && break +		[ -L "${i}" ] && continue +		if [ -f "${i}" ]; then +			"${mecleaner}" -r -t -O "${sdir}/vendorfile" \ +			    -M "${_me}" "${i}" && break +			"${mecleaner}" -r -t -O "${_me}" "${i}" && break +			"${me7updateparser}" -O "${_me}" "${i}" && break +			_7ztest="${_7ztest}a" +			extract_archive "${i}" "${_7ztest}" || continue +			extract_intel_me "${_me}" "${cdir}/${_7ztest}" +		elif [ -d "$i" ]; then +			extract_intel_me "${_me}" "${cdir}/${i}" +		else +			continue +		fi +		cdir="${1}" +		cd "${cdir}" +	done +	) +	rm -Rf "${sdir}" || err "extract_intel_me: !rm -Rf ${sdir}" +} + +extract_archive() +{ +	innoextract "${1}" -d "${2}" || python "${pfs_extract}" "${1}" -e || \ +	    7z x "${1}" -o"${2}" || unar "${1}" -o "${2}" || \ +	    unzip "${1}" -d "${2}" || return 1 +} + +extract_kbc1126ec() +{ +	( +	x_ cd "${appdir}/" +	mv Rompaq/68*.BIN ec.bin || : +	if [ ! -f ec.bin ]; then +		unar -D ROM.CAB Rom.bin || unar -D Rom.CAB Rom.bin || \ +		    unar -D 68*.CAB Rom.bin || err "can't extract Rom.bin" +		x_ mv Rom.bin ec.bin +	fi +	[ -f ec.bin ] || err "extract_kbc1126_ec ${board}: can't extract" +	"${kbc1126_ec_dump}" ec.bin || \ +	    err "extract_kbc1126_ec ${board}: can't extract ecfw1/2.bin" +	) +	ec_ex="y" +	for i in 1 2; do +		[ -f "${appdir}/ec.bin.fw${i}" ] || ec_ex="n" +	done +	[ "${ec_ex}" = "y" ] || \ +	    err "extract_kbc1126_ec ${board}: didn't extract ecfw1/2.bin" +	cp "${appdir}/"ec.bin.fw* "${_dest%/*}/" || \ +	    err "extract_kbc1126_ec ${board}: can't copy ec binaries" +} + +extract_e6400vga() +{ +	[ "${E6400_VGA_offset}" = "" ] && \ +		err "extract_e6400vga: E6400 VGA offset not defined" +	[ "${E6400_VGA_romname}" = "" ] && \ +		err "extract_e6400vga: E6400 VGA ROM name not defined" +	tail -c +${E6400_VGA_offset} "${_dl}" | \ +	    gunzip >"${appdir}/bios.bin" || : +	( +	x_ cd "${appdir}" +	[ -f "bios.bin" ] || err "extract_e6400vga: can't extract bios.bin" +	"${e6400_unpack}" bios.bin || printf "TODO: fix dell extract util\n" +	[ -f "${E6400_VGA_romname}" ] || \ +		err "extract_e6400vga: can't extract vga rom from bios.bin" +	) +	cp "${appdir}/${E6400_VGA_romname}" "${_dest}" || \ +	    err "extract_e6400vga ${board}: can't copy vga rom to ${_dest}" +} + +extract_sch5545ec() +{ +	# full system ROM (UEFI), to extract with UEFIExtract: +	_bios="${_dl}_extracted/Firmware" +	_bios="${_bios}/1 ${dlsum} -- 1 System BIOS vA.28.bin" +	# this is the SCH5545 firmware, inside of the extracted UEFI ROM: +	_sch5545ec_fw="${_bios}.dump/4 7A9354D9-0468-444A-81CE-0BF617D890DF" +	_sch5545ec_fw="${_sch5545ec_fw}/54 D386BEB8-4B54-4E69-94F5-06091F67E0D3" +	_sch5545ec_fw="${_sch5545ec_fw}/0 Raw section/body.bin" # <-- this! + +	# this makes the file defined by _sch5545ec_fw available to copy +	"${uefiextract}" "${_bios}" || \ +	    err "extract_sch5545ec: cannot extract from uefi image" +	cp "${_sch5545ec_fw}" "${_dest}" || \ +	    err "extract_sch5545ec: cannot copy sch5545ec firmware file" +} + +main $@ diff --git a/script/vendor/inject b/script/vendor/inject new file mode 100755 index 00000000..923224d0 --- /dev/null +++ b/script/vendor/inject @@ -0,0 +1,258 @@ +#!/usr/bin/env sh +# SPDX-License-Identifier: GPL-3.0-only +# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com> +# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> +# SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org> + +. "include/err.sh" +. "include/option.sh" + +nvmutil="util/nvmutil/nvm" + +eval "$(setvars "" archive rom modifygbe nukemode release new_mac)" + +main() +{ +	[ $# -lt 1 ] && err "No options specified." +	[ "${1}" = "listboards" ] && \ +		items config/coreboot && exit 0 + +	archive="${1}" + +	while getopts n:r:b:m: option; do +		case "${option}" in +		n) nukemode="${OPTARG}" ;; +		r) rom=${OPTARG} ;; +		b) board=${OPTARG} ;; +		m) modifygbe=true +		   new_mac=${OPTARG} ;; +		esac +	done + +	check_board +	build_dependencies +	inject_vendorfiles +	[ "${nukemode}" = "nuke" ] && return 0 +	printf "Friendly reminder (this is *not* an error message):\n" +	printf "Please always ensure that the files were inserted correctly.\n" +} + +check_board() +{ +	if ! check_release "${archive}" ; then +		[ -f "${rom}" ] || \ +			err "check_board: \"${rom}\" is not a valid path" +		[ -z "${rom+x}" ] && \ +			err "check_board: no rom specified" +		[ ! -z ${board+x} ] || \ +			board=$(detect_board "${rom}") +	else +		release="y" +		board=$(detect_board "${archive}") +	fi + +	boarddir="${cbcfgsdir}/${board}" +	[ -d "${boarddir}" ] && return 0 +	err "check_board: board ${board} not found" +} + +check_release() +{ +	[ -f "${archive}" ] || return 1 +	[ "${archive##*.}" = "xz" ] || return 1 +	printf "%s\n" "Release archive ${archive} detected" +} + +# This function tries to determine the board from the filename of the rom. +# It will only succeed if the filename is not changed from the build/download +detect_board() +{ +	path="${1}" +	filename=$(basename ${path}) +	case ${filename} in +	grub_*) +		board=$(echo "${filename}" | cut -d '_' -f2-3) ;; +	seabios_withgrub_*) +		board=$(echo "${filename}" | cut -d '_' -f3-4) ;; +	*.tar.xz) +		_stripped_prefix=${filename#*_} +		board="${_stripped_prefix%.tar.xz}" ;; +	*) +		err "detect_board $filename: could not detect board type" +	esac	 +	[ -d "${boarddir}/" ] || \ +		err "detect_board: dir, ${boarddir}, doesn't exist" +	printf "%s\n" "${board}" +} + +build_dependencies() +{ +	[ -d "${cbdir}" ] || x_ ./update trees -f coreboot default +	if [ ! -f "${cbfstool}" ] || [ ! -f "${ifdtool}" ]; then +		x_ ./update trees -b coreboot utils default +	fi +	[ -z "${new_mac}" ] || [ -f "${nvmutil}" ] || x_ make -C util/nvmutil +	[ "${nukemode}" = "nuke" ] && return 0 +	x_ ./vendor download ${board} +} + +inject_vendorfiles() +{ +	if [ "${release}" != "y" ]; then +		patch_rom "${rom}" +		return 0 +	fi +	printf "patching release images\n" +	patch_release_roms +} + +patch_release_roms() +{ +	_tmpdir="tmp/romdir" +	x_ rm -Rf "${_tmpdir}" +	x_ mkdir -p "${_tmpdir}" +	tar -xf "${archive}" -C "${_tmpdir}" || \ +	    err "patch_release_roms: !tar -xf \"${archive}\" -C \"${_tmpdir}\"" + +	for x in "${_tmpdir}"/bin/*/*.rom ; do +		printf "patching rom: %s\n" "$x" +		patch_rom "${x}" +	done +	for x in "${_tmpdir}"/bin/*/*_nomicrocode.rom ; do +		[ -f "${x}" ] || continue +		[ -f "${x%_nomicrocode.rom}.rom" ] || continue + +		x_ cp "${x%_nomicrocode.rom}.rom" "${x}" +		x_ "${cbfstool}" "${x}" remove -n cpu_microcode_blob.bin +	done + +	( +	x_ cd "${_tmpdir}/bin/"* # TODO: very dodgy, re-write accordingly + +	# NOTE: For compatibility with older rom releases, defer to sha1 +	[ "${nukemode}" = "nuke" ] || \ +	    sha512sum --status -c vendorhashes || \ +	    sha1sum --status -c vendorhashes || \ +	    sha512sum --status -c blobhashes || \ +	    sha1sum --status -c blobhashes || \ +	    err "patch_release_roms: ROMs did not match expected hashes" +	) + +	if [ "${modifygbe}" = "true" ]; then +		for x in "${_tmpdir}"/bin/*/*.rom ; do +			modify_gbe "${x}" +		done +	fi + +	[ -d bin/release ] || x_ mkdir -p bin/release +	x_ mv "${_tmpdir}"/bin/* bin/release/ + +	printf "Success! Your ROMs are in bin/release\n" + +	x_ rm -Rf "${_tmpdir}" +} + +patch_rom() +{ +	rom="${1}" + +	# we don't process no-microcode roms; these are +	# instead re-created at the end, after re-inserting +	# on roms with microcode, by copying and then removing, +	# so that the hashes will match (otherwise, cbfstool +	# may sometimes insert certain vendor files at the wrong offset) +	# (unless nomicrocode is the only config provided) +	[ "${rom}" != "${rom%_nomicrocode.rom}.rom" ] && \ +	[ -f "${rom%_nomicrocode.rom}.rom" ] && \ +	[ "${release}" = "y" ] && return 0 + +	x_ check_defconfig "${boarddir}" + +	set -- "${boarddir}/config/"* +	. "${1}" 2>/dev/null + +	[ "$CONFIG_HAVE_MRC" = "y" ] && \ +		inject "mrc.bin" "${CONFIG_MRC_FILE}" "mrc" "0xfffa0000" +	[ "${CONFIG_HAVE_ME_BIN}" = "y" ] && \ +		inject "IFD" "${CONFIG_ME_BIN_PATH}" "me" +	[ "${CONFIG_KBC1126_FIRMWARE}" = "y" ] && \ +		inject "ecfw1.bin" "$CONFIG_KBC1126_FW1" "raw" \ +		    "${CONFIG_KBC1126_FW1_OFFSET}" && \ +		inject "ecfw2.bin" "$CONFIG_KBC1126_FW2" "raw" \ +		    "${CONFIG_KBC1126_FW2_OFFSET}" +	[ ! -z "${CONFIG_VGA_BIOS_FILE}" ] && \ +	    [ ! -z "${CONFIG_VGA_BIOS_ID}" ] && \ +		inject "pci${CONFIG_VGA_BIOS_ID}.rom" \ +		    "${CONFIG_VGA_BIOS_FILE}" "optionrom" +	[ "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" = "y" ] && \ +	    [ ! -z "${CONFIG_SMSC_SCH5545_EC_FW_FILE}" ] && \ +		inject "sch5545_ecfw.bin" "$CONFIG_SMSC_SCH5545_EC_FW_FILE" raw +	[ "${modifygbe}" = "true" ] && ! [ "${release}" = "y" ] && \ +		inject "IFD" "${CONFIG_GBE_BIN_PATH}" "GbE" + +	printf "ROM image successfully patched: %s\n" "${rom}" +} + +inject() +{ +	[ $# -lt 3 ] && \ +		err "inject $@, $rom: usage: inject name path type (offset)" + +	eval "$(setvars "" cbfsname _dest _t _offset)" +	cbfsname="${1}" +	_dest="${2##*../}" +	_t="${3}" +	[ $# -gt 3 ] && _offset="-b ${4}" && [ -z "${4}" ] && \ +	    err "inject $@, $rom: offset passed, but empty (not defined)" + +	[ -z "${_dest}" ] && err "inject $@, ${rom}: empty destination path" +	[ ! -f "${_dest}" ] && [ "${nukemode}" != "nuke" ] && \ +		err "inject_${dl_type}: file missing, ${_dest}" + +	[ "$nukemode" = "nuke" ] || \ +		printf "Inserting %s/%s into file: %s\n" \ +		    "${cbfsname}" "${_t}" "$rom" + +	if [ "${_t}" = "GbE" ]; then +		x_ mkdir -p tmp +		cp "${_dest}" "tmp/gbe.bin" || \ +		    err "inject: !cp \"${_dest}\" \"tmp/gbe.bin\"" +		_dest="tmp/gbe.bin" +		"${nvmutil}" "${_dest}" setmac "${new_mac}" || \ +		    err "inject ${_dest}: can't change mac address" +	fi +	if [ "${cbfsname}" = "IFD" ]; then +		if [ "${nukemode}" != "nuke" ]; then +			"${ifdtool}" -i ${_t}:${_dest} "${rom}" -O "$rom" || \ +			    err "inject: can't insert $_t ($dest) into $rom" +		else +			"${ifdtool}" --nuke ${_t} "${rom}" -O "${rom}" || \ +			    err "inject ${rom}: can't nuke ${_t} in IFD" +		fi +	else +		if [ "${nukemode}" != "nuke" ]; then +			"${cbfstool}" "${rom}" add -f "${_dest}" \ +			    -n "${cbfsname}" -t ${_t} ${_offset} || \ +			    err "inject $rom: can't insert $_t file $_dest" +		else +			"${cbfstool}" "${rom}" remove -n "${cbfsname}" || \ +			    err "inject $rom: can't remove ${cbfsname}" +		fi + +	fi +} + +usage() +{ +	cat <<- EOF +	USAGE: ./vendor inject -r [rom path] -b [boardname] -m [macaddress] +	Example: ./vendor inject -r x230_12mb.rom -b x230_12mb + +	Adding a macadress to the gbe is optional. +	If the [-m] parameter is left blank, the gbe will not be touched. + +	Type './vendor inject listboards' to get a list of valid boards +	EOF +} + +main $@ | 
