diff options
Diffstat (limited to 'script/vendor')
| -rwxr-xr-x | script/vendor/download | 244 | ||||
| -rwxr-xr-x | script/vendor/inject | 248 |
2 files changed, 492 insertions, 0 deletions
diff --git a/script/vendor/download b/script/vendor/download new file mode 100755 index 00000000..e8c7e5a4 --- /dev/null +++ b/script/vendor/download @@ -0,0 +1,244 @@ +#!/usr/bin/env sh +# SPDX-License-Identifier: GPL-3.0-only +# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com> +# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> +# SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org> + +. "include/err.sh" +. "include/option.sh" +. "include/mrc.sh" + +export PATH="${PATH}:/sbin" + +_ua="Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0" +_7ztest="a" + +e6400_unpack="${PWD}/src/bios_extract/dell_inspiron_1100_unpacker.py" +kbc1126_ec_dump="${PWD}/${cbdir}/util/kbc1126/kbc1126_ec_dump" +me7updateparser="${PWD}/util/me7_update_parser/me7_update_parser.py" +mecleaner="${PWD}/${cbdir}/util/me_cleaner/me_cleaner.py" +pfs_extract="${PWD}/src/biosutilities/Dell_PFS_Extract.py" +uefiextract="${PWD}/src/uefitool/uefiextract" + +eval "$(setvars "" _b _dl EC_url EC_url_bkup EC_hash DL_hash DL_url DL_url_bkup \ + E6400_VGA_DL_hash E6400_VGA_DL_url E6400_VGA_DL_url_bkup E6400_VGA_offset \ + E6400_VGA_romname SCH5545EC_DL_url SCH5545EC_DL_url_bkup SCH5545EC_DL_hash)" + +main() +{ + [ $# -gt 0 ] || err "No argument given" + board="${1}" + boarddir="${cbcfgsdir}/${board}" + _b="${board%%_*mb}" # shorthand (avoid duplicating config per rom size) + + check_defconfig "${boarddir}" || exit 0 + detect_firmware && exit 0 + scan_config "${_b}" "config/vendor" "err" + + build_dependencies + download_vendorfiles +} + +detect_firmware() +{ + set -- "${boarddir}/config/"* + . "${1}" 2>/dev/null + + for c in CONFIG_HAVE_MRC CONFIG_HAVE_ME_BIN CONFIG_KBC1126_FIRMWARE \ + CONFIG_VGA_BIOS_FILE CONFIG_INCLUDE_SMSC_SCH5545_EC_FW; do + eval "[ -z \"\${${c}}\" ] || return 1" + done + printf "Vendor files not needed for: %s\n" "${board}" 1>&2 +} + +build_dependencies() +{ + [ -d ${cbdir} ] || \ + x_ ./update trees -f coreboot ${cbdir##*/} + for d in uefitool biosutilities bios_extract; do + [ -d "src/${d}" ] && continue + x_ ./update trees -f "${d}" + done + [ -f "${uefiextract}" ] || \ + x_ ./update trees -b uefitool + [ -f "${kbc1126_ec_dump}" ] || \ + x_ make -C "${cbdir}/util/kbc1126" + [ -f "${cbfstool}" ] && [ -f "${ifdtool}" ] && return 0 + x_ ./update trees -b coreboot utils default +} + +download_vendorfiles() +{ + [ -z "${CONFIG_HAVE_ME_BIN}" ] || \ + fetch "intel_me" "${DL_url}" "${DL_url_bkup}" "${DL_hash}" \ + "${CONFIG_ME_BIN_PATH}" + [ -z "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" ] || \ + fetch "sch5545ec" "${SCH5545EC_DL_url}" \ + "${SCH5545EC_DL_url_bkup}" "${SCH5545EC_DL_hash}" \ + "${CONFIG_SMSC_SCH5545_EC_FW_FILE}" + [ -z "${CONFIG_KBC1126_FIRMWARE}" ] || \ + fetch "kbc1126ec" "${EC_url}" "${EC_url_bkup}" "${EC_hash}" \ + "${CONFIG_KBC1126_FW1}" + [ -z "${CONFIG_VGA_BIOS_FILE}" ] || \ + fetch "e6400vga" "${E6400_VGA_DL_url}" \ + "${E6400_VGA_DL_url_bkup}" "${E6400_VGA_DL_hash}" \ + "${CONFIG_VGA_BIOS_FILE}" + [ -z "${CONFIG_HAVE_MRC}" ] && return 0 + fetch "mrc" "$MRC_url" "$MRC_url_bkup" "$MRC_hash" "$CONFIG_MRC_FILE" +} + +fetch() +{ + dl_type="${1}" + dl="${2}" + dl_bkup="${3}" + dlsum="${4}" + [ "${5# }" = "${5}" ] || err "fetch: space not allowed in _dest: '${5}'" + [ "${5#/}" = "${5}" ] || err "fetch: absolute path not allowed: '${5}'" + _dest="${5##*../}" + _dl="${vendir}/cache/${dlsum}" + + x_ mkdir -p "${_dl%/*}" + + dl_fail="y" + vendor_checksum "${dlsum}" "${_dl}" && dl_fail="n" + for url in "${dl}" "${dl_bkup}"; do + [ "${dl_fail}" = "n" ] && break + [ -z "${url}" ] && continue + x_ rm -f "${_dl}" + curl --location --retry 3 -A "${_ua}" "${url}" -o "${_dl}" || \ + wget --tries 3 -U "${_ua}" "${url}" -O "${_dl}" || \ + continue + vendor_checksum "${dlsum}" "${_dl}" && dl_fail="n" + done + [ "${dl_fail}" = "y" ] && \ + err "fetch ${dlsum}: matched file unavailable" + + x_ rm -Rf "${_dl}_extracted" + mkdirs "${_dest}" "extract_${dl_type}" || return 0 + eval "extract_${dl_type}" + + [ -f "${_dest}" ] && return 0 + err "extract_${dl_type} (fetch): missing file: '${_dest}'" +} + +vendor_checksum() +{ + [ "$(sha512sum ${2} | awk '{print $1}')" != "${1}" ] || return 0 + printf "Bad checksum for file: %s\n" "${2}" 1>&2 + rm -f "${2}" || : + return 1 +} + +mkdirs() +{ + [ -f "${1}" ] && \ + printf "mkdirs ${1} ${2}: already downloaded\n" 1>&2 && return 1 + x_ mkdir -p "${1%/*}" + x_ rm -Rf "${appdir}" + x_ mkdir -p "${appdir}/" + extract_archive "${_dl}" "${appdir}" || \ + [ "${2}" = "extract_e6400vga" ] || err "mkdirs ${1} ${2}: !extract" +} + +extract_intel_me() +{ + _me="${PWD}/${_dest}" # must always be an absolute path + cdir="${PWD}/${appdir}" # must always be an absolute path + [ $# -gt 0 ] && _me="${1}" + [ $# -gt 0 ] && cdir="${2}" + [ -f "${_me}" ] && return 0 + + sdir="$(mktemp -d)" + mkdir -p "${sdir}" || err "extract_intel_me: !mkdir -p \"${sdir}\"" + ( + cd "${cdir}" || err "extract_intel_me: !cd \"${cdir}\"" + for i in *; do + [ -f "${_me}" ] && break + [ -L "${i}" ] && continue + if [ -f "${i}" ]; then + "${mecleaner}" -r -t -O "${sdir}/vendorfile" \ + -M "${_me}" "${i}" && break + "${mecleaner}" -r -t -O "${_me}" "${i}" && break + "${me7updateparser}" -O "${_me}" "${i}" && break + _7ztest="${_7ztest}a" + extract_archive "${i}" "${_7ztest}" || continue + extract_intel_me "${_me}" "${cdir}/${_7ztest}" + elif [ -d "$i" ]; then + extract_intel_me "${_me}" "${cdir}/${i}" + else + continue + fi + cdir="${1}" + cd "${cdir}" + done + ) + rm -Rf "${sdir}" || err "extract_intel_me: !rm -Rf ${sdir}" +} + +extract_archive() +{ + innoextract "${1}" -d "${2}" || python "${pfs_extract}" "${1}" -e || \ + 7z x "${1}" -o"${2}" || unar "${1}" -o "${2}" || \ + unzip "${1}" -d "${2}" || return 1 +} + +extract_kbc1126ec() +{ + ( + x_ cd "${appdir}/" + mv Rompaq/68*.BIN ec.bin || : + if [ ! -f ec.bin ]; then + unar -D ROM.CAB Rom.bin || unar -D Rom.CAB Rom.bin || \ + x_ unar -D 68*.CAB Rom.bin + x_ mv Rom.bin ec.bin + fi + [ -f ec.bin ] || err "extract_kbc1126_ec ${board}: can't extract" + "${kbc1126_ec_dump}" ec.bin || \ + err "extract_kbc1126_ec ${board}: can't extract ecfw1/2.bin" + ) + ec_ex="y" + for i in 1 2; do + [ -f "${appdir}/ec.bin.fw${i}" ] || ec_ex="n" + done + [ "${ec_ex}" = "y" ] || \ + err "extract_kbc1126_ec ${board}: didn't extract ecfw1/2.bin" + x_ cp "${appdir}/"ec.bin.fw* "${_dest%/*}/" +} + +extract_e6400vga() +{ + [ "${E6400_VGA_offset}" = "" ] && \ + err "extract_e6400vga: E6400 VGA offset not defined" + [ "${E6400_VGA_romname}" = "" ] && \ + err "extract_e6400vga: E6400 VGA ROM name not defined" + tail -c +${E6400_VGA_offset} "${_dl}" | \ + gunzip >"${appdir}/bios.bin" || : + ( + x_ cd "${appdir}" + [ -f "bios.bin" ] || err "extract_e6400vga: can't extract bios.bin" + "${e6400_unpack}" bios.bin || printf "TODO: fix dell extract util\n" + [ -f "${E6400_VGA_romname}" ] || \ + err "extract_e6400vga: can't extract vga rom from bios.bin" + ) + x_ cp "${appdir}/${E6400_VGA_romname}" "${_dest}" +} + +extract_sch5545ec() +{ + # full system ROM (UEFI), to extract with UEFIExtract: + _bios="${_dl}_extracted/Firmware" + _bios="${_bios}/1 ${dlsum} -- 1 System BIOS vA.28.bin" + # this is the SCH5545 firmware, inside of the extracted UEFI ROM: + _sch5545ec_fw="${_bios}.dump/4 7A9354D9-0468-444A-81CE-0BF617D890DF" + _sch5545ec_fw="${_sch5545ec_fw}/54 D386BEB8-4B54-4E69-94F5-06091F67E0D3" + _sch5545ec_fw="${_sch5545ec_fw}/0 Raw section/body.bin" # <-- this! + + # this makes the file defined by _sch5545ec_fw available to copy + "${uefiextract}" "${_bios}" || \ + err "extract_sch5545ec: cannot extract from uefi image" + cp "${_sch5545ec_fw}" "${_dest}" || \ + err "extract_sch5545ec: cannot copy sch5545ec firmware file" +} + +main $@ diff --git a/script/vendor/inject b/script/vendor/inject new file mode 100755 index 00000000..1eebca30 --- /dev/null +++ b/script/vendor/inject @@ -0,0 +1,248 @@ +#!/usr/bin/env sh +# SPDX-License-Identifier: GPL-3.0-only +# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com> +# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> +# SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org> + +. "include/err.sh" +. "include/option.sh" + +nvmutil="util/nvmutil/nvm" + +eval "$(setvars "" archive rom modifygbe nukemode release new_mac)" + +main() +{ + [ $# -lt 1 ] && err "No options specified." + [ "${1}" = "listboards" ] && \ + items config/coreboot && exit 0 + + archive="${1}" + + while getopts n:r:b:m: option; do + case "${option}" in + n) nukemode="${OPTARG}" ;; + r) rom=${OPTARG} ;; + b) board=${OPTARG} ;; + m) modifygbe=true + new_mac=${OPTARG} ;; + esac + done + + check_board + build_dependencies + inject_vendorfiles + [ "${nukemode}" = "nuke" ] && return 0 + printf "Friendly reminder (this is *not* an error message):\n" + printf "Please always ensure that the files were inserted correctly.\n" +} + +check_board() +{ + if ! check_release "${archive}" ; then + [ -f "${rom}" ] || \ + err "check_board: \"${rom}\" is not a valid path" + [ -z "${rom+x}" ] && \ + err "check_board: no rom specified" + [ ! -z ${board+x} ] || \ + board=$(detect_board "${rom}") + else + release="y" + board=$(detect_board "${archive}") + fi + + boarddir="${cbcfgsdir}/${board}" + [ -d "${boarddir}" ] && return 0 + err "check_board: board ${board} not found" +} + +check_release() +{ + [ -f "${archive}" ] || return 1 + [ "${archive##*.}" = "xz" ] || return 1 + printf "%s\n" "Release archive ${archive} detected" +} + +# This function tries to determine the board from the filename of the rom. +# It will only succeed if the filename is not changed from the build/download +detect_board() +{ + path="${1}" + filename=$(basename ${path}) + case ${filename} in + grub_*) + board=$(echo "${filename}" | cut -d '_' -f2-3) ;; + seabios_withgrub_*) + board=$(echo "${filename}" | cut -d '_' -f3-4) ;; + *.tar.xz) + _stripped_prefix=${filename#*_} + board="${_stripped_prefix%.tar.xz}" ;; + *) + err "detect_board: could not detect board type" + esac + [ -d "${boarddir}/" ] || \ + err "detect_board: dir, ${boarddir}, doesn't exist" + printf "%s\n" "${board}" +} + +build_dependencies() +{ + [ -d "${cbdir}" ] || x_ ./update trees -f coreboot default + if [ ! -f "${cbfstool}" ] || [ ! -f "${ifdtool}" ]; then + x_ ./update trees -b coreboot utils default + fi + [ -z "${new_mac}" ] || [ -f "${nvmutil}" ] || x_ make -C util/nvmutil + [ "${nukemode}" = "nuke" ] && return 0 + x_ ./vendor download ${board} +} + +inject_vendorfiles() +{ + [ "${release}" != "y" ] && x_ patch_rom "${rom}" && return 0 + printf "patching release images\n" + patch_release_roms +} + +patch_release_roms() +{ + _tmpdir="tmp/romdir" + x_ rm -Rf "${_tmpdir}" + x_ mkdir -p "${_tmpdir}" + x_ tar -xf "${archive}" -C "${_tmpdir}" + + for x in "${_tmpdir}"/bin/*/*.rom ; do + printf "patching rom: %s\n" "$x" + x_ patch_rom "${x}" + done + for x in "${_tmpdir}"/bin/*/*_nomicrocode.rom ; do + [ -f "${x}" ] || continue + [ -f "${x%_nomicrocode.rom}.rom" ] || continue + + x_ cp "${x%_nomicrocode.rom}.rom" "${x}" + x_ "${cbfstool}" "${x}" remove -n cpu_microcode_blob.bin + done + + ( + x_ cd "${_tmpdir}/bin/"* + + # NOTE: For compatibility with older rom releases, defer to sha1 + [ "${nukemode}" = "nuke" ] || \ + sha512sum --status -c vendorhashes || \ + sha1sum --status -c vendorhashes || \ + sha512sum --status -c blobhashes || \ + sha1sum --status -c blobhashes || \ + err "patch_release_roms: ROMs did not match expected hashes" + ) + + if [ "${modifygbe}" = "true" ]; then + for x in "${_tmpdir}"/bin/*/*.rom ; do + modify_gbe "${x}" + done + fi + + [ -d bin/release ] || x_ mkdir -p bin/release + x_ mv "${_tmpdir}"/bin/* bin/release/ + + printf "Success! Your ROMs are in bin/release\n" + + x_ rm -Rf "${_tmpdir}" +} + +patch_rom() +{ + rom="${1}" + + # we don't process no-microcode roms; these are + # instead re-created at the end, after re-inserting + # on roms with microcode, by copying and then removing, + # so that the hashes will match (otherwise, cbfstool + # may sometimes insert certain vendor files at the wrong offset) + # (unless nomicrocode is the only config provided) + [ "${rom}" != "${rom%_nomicrocode.rom}.rom" ] && \ + [ -f "${rom%_nomicrocode.rom}.rom" ] && \ + [ "${release}" = "y" ] && return 0 + + x_ check_defconfig "${boarddir}" + + set -- "${boarddir}/config/"* + . "${1}" 2>/dev/null + + [ "$CONFIG_HAVE_MRC" = "y" ] && \ + inject "mrc.bin" "${CONFIG_MRC_FILE}" "mrc" "0xfffa0000" + [ "${CONFIG_HAVE_ME_BIN}" = "y" ] && \ + inject "IFD" "${CONFIG_ME_BIN_PATH}" "me" + [ "${CONFIG_KBC1126_FIRMWARE}" = "y" ] && \ + inject "ecfw1.bin" "$CONFIG_KBC1126_FW1" "raw" \ + "${CONFIG_KBC1126_FW1_OFFSET}" && \ + inject "ecfw2.bin" "$CONFIG_KBC1126_FW2" "raw" \ + "${CONFIG_KBC1126_FW2_OFFSET}" + [ ! -z "${CONFIG_VGA_BIOS_FILE}" ] && \ + [ ! -z "${CONFIG_VGA_BIOS_ID}" ] && \ + inject "pci${CONFIG_VGA_BIOS_ID}.rom" \ + "${CONFIG_VGA_BIOS_FILE}" "optionrom" + [ "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" = "y" ] && \ + [ ! -z "${CONFIG_SMSC_SCH5545_EC_FW_FILE}" ] && \ + inject "sch5545_ecfw.bin" "$CONFIG_SMSC_SCH5545_EC_FW_FILE" raw + [ "${modifygbe}" = "true" ] && ! [ "${release}" = "y" ] && \ + inject "IFD" "${CONFIG_GBE_BIN_PATH}" "GbE" + + printf "ROM image successfully patched: %s\n" "${rom}" +} + +inject() +{ + [ $# -lt 3 ] && \ + err "inject $@, $rom: usage: inject name path type (offset)" + + eval "$(setvars "" cbfsname _dest _t _offset)" + cbfsname="${1}" + _dest="${2##*../}" + _t="${3}" + [ $# -gt 3 ] && _offset="-b ${4}" && [ -z "${4}" ] && \ + err "inject $@, $rom: offset passed, but empty (not defined)" + + [ -z "${_dest}" ] && err "inject $@, ${rom}: empty destination path" + [ ! -f "${_dest}" ] && [ "${nukemode}" != "nuke" ] && \ + err "inject_${dl_type}: file missing, ${_dest}" + + [ "$nukemode" = "nuke" ] || \ + printf "Inserting %s/%s into file: %s\n" \ + "${cbfsname}" "${_t}" "$rom" + + if [ "${_t}" = "GbE" ]; then + x_ mkdir -p tmp + x_ cp "${_dest}" "tmp/gbe.bin" + _dest="tmp/gbe.bin" + x_ "${nvmutil}" "${_dest}" setmac "${new_mac}" + fi + if [ "${cbfsname}" = "IFD" ]; then + if [ "${nukemode}" != "nuke" ]; then + x_ "${ifdtool}" -i ${_t}:${_dest} "${rom}" -O "$rom" + else + x_ "${ifdtool}" --nuke ${_t} "${rom}" -O "${rom}" + fi + else + if [ "${nukemode}" != "nuke" ]; then + x_ "${cbfstool}" "${rom}" add -f "${_dest}" \ + -n "${cbfsname}" -t ${_t} ${_offset} + else + x_ "${cbfstool}" "${rom}" remove -n "${cbfsname}" + fi + + fi +} + +usage() +{ + cat <<- EOF + USAGE: ./vendor inject -r [rom path] -b [boardname] -m [macaddress] + Example: ./vendor inject -r x230_12mb.rom -b x230_12mb + + Adding a macadress to the gbe is optional. + If the [-m] parameter is left blank, the gbe will not be touched. + + Type './vendor inject listboards' to get a list of valid boards + EOF +} + +main $@ |