summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-12-30replace liblz4-tool with lz4 and liblz4-devLeah Rowe
In Debian dependencies files. These are available in Debian Stable, but liblz4-tool is a transitional package referring to lz4; liblz4-tool transition package is unavailable in Debian sid, so remove it from the dependencies files. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30lib.sh dependencies: support --reinstall argumentLeah Rowe
./mk dependencies debian --reinstall Add --reinstall and it'll do: apt-get install --reinstall This can be useful when updating from a stable release to a testing release. The variable, "reinstall" can be configured for other distros, but it's currently only configured for Debian-based distros. Also, it can be anything. For example, you could add -y; however, a 4th argument will not be accepted. For example, you cannot do: ./mk dependencies debian --reinstall -y If you do this, it'll only see --reinstall; similarly, if you did this command: ./mk dependencies debian -y --reinstall then -y would be passed, but not --reinstall. This is an intentional design decision, in case you accidentally pasted or subshelled something that outputted something undesirable, to prevent possible abuse. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30move xbmkpath to XBMK_CACHE/Leah Rowe
When doing ./mk release, the build system would create symlinks inside xbmkpath/ relative to the current work tree, which will differ from what's in PATH. Since XBMK_CACHE is already set globally, from the main work tree and the release-build work tree, that means we can know reliably that PATH is always correct if we put xbmkpath/ inside XBMK_CACHE. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30Revert "Remove legacy update/vendor commands"Leah Rowe
This reverts commit 781320514623653077cda2d910b9baf150949bd1. I'm doing changes for 20241206 rev8. It was a mistake to remove these; they will be removed again, after rev8. The documentation standardised on ./mk a while ago now, and it's almost time to remove these commands. However, anyone using the old commands ought to be able to, up to and including any revision of the Libreboot 20241206 release. It is my intention that these legacy commands finally be removed for the next testing release, as part of a much wider build system audit that I'm doing between now and then. (Libreboot Build System Audit 7 is underway, and several of these early audit7 changes are going on 20241206 rev8; after that, I will create a branch named 20241206_branch off of rev8, and anything in master from then on will contain much wilder changes, with more conservative changes in 20241206_branch) Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30Fix U-Boot build issue with Swig 4.3.0Leah Rowe
Tested on Debian Sid, as of 30 December 2024, which uses Swig 4.3.0. Context here: commit a63456b9191fae2fe49f4b121e025792022e3950 Author: Markus Volk <f_l_k@t-online.de> Date: Wed Oct 30 06:07:16 2024 +0100 scripts/dtc/pylibfdt/libfdt.i_shipped: Use SWIG_AppendOutput This patch from U-Boot upstream has been backported to the release revision used by Libreboot. Swig has, since 4.3.0, changed the language-specific AppendOutput functions, but the helper macro SWIG_AppendOutput is identical; therefore, upstream switched to this function. The benefit of this fix is that since the newly used macro is also the same on older Swig versions, and behaves the same, this shouldn't fix building on older Swig versions. For reference, the initial Libreboot 20241206 release, and revisions of it before revision 8, was built on Debian 12 which uses Swig 4.1.0. The rev8 release will still be compiled on Debian 12, but with this change, it should also compile on Debian Sid, and bleeding edge distros like Arch Linux. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30use command -v instead of whichLeah Rowe
which is a non-standard command, whereas command is part of posix Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30trees: remove unnecessary subshellLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30trees: only symlink host gcc/gnat to build xgccLeah Rowe
In general, we don't want to mess with the hostcc, unless we have to. To avoid other breakage, clear what we did after crossgcc has compiled. This is a follow-up to the previous patches, matching gcc to gnat versions and vice versa, when compiling crossgcc. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30trees: correction on check_gnu_pathLeah Rowe
i intend for this function to work generically, matching gnat to gcc or gcc to gnat, but there was a hangover from the previous code where it specifically assumed we were matching gnat this bug manifested when i tested with gnat being v13 and gcc being v14 in path, where gcc-13 was also available in path. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30trees: match gcc/gnat versions both waysLeah Rowe
on debian trixie/sid after updating from stable, sometimes gcc 13 and gnat 13 are both available, but gcc resolves to gcc-14 and gnat-14 isn't available. even when gnat-14 and gcc-14 are available, gnat will still either resolve to gnat-13, or nothing at all. in cases where gnat-14 is unavailable, but gcc and gnat 13 are both available, we should match gcc to gnat. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30Merge path.sh into script/treesLeah Rowe
The code is simple enough now that I'm happy for it to just be part of the main script. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30path.sh: Further cleanupLeah Rowe
Remove all symlinks each time, to ensure that no stragglers are left behind, since they are being re-generated each time anyway. The code for determining version numbers has now been unified under gnu_setver() Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30path.sh: More thorough gcc/gnat version checkLeah Rowe
We were checking the shorthand version number, but the precise version numbers need to match. Also: when we searched $PATH/gnat-$gccver, we assumed that the full version would then match, without checking it, so now it is checked precisely. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30path.sh: minor cleanupLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30path.sh: remove unnecessary shebangLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30Fix globbing issue in lbmkLeah Rowe
When doing e.g. $@ we should use double quotes to prevent globbing. Thanks go to XRevan86 for pointing this out. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30remove auto-confirm on distro dependenciesLeah Rowe
because if it says yes to everything, and the package manager would otherwise ask whether you want to give it your first born son, you are therefore agreeing to it. so remove -y for safety Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-30Mitigate Debian Trixie/Sid GCC/GNAT version mismatchLeah Rowe
When I tested Debian Trixie, and Debian Sid, I saw that GCC in PATH pointed to gcc-14, but gnat in path pointed to GNAT-13, even if you manually install gnat-14. GNAT 14 was marked experimental, but GCC 14 was marked for use, in the apt repositories. So this patch doesn't address the mismatch when doing e.g. apt-get install gcc gnat I will address the actual package dependency in a follow-up patch, on the Debian dependencies config. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-29t480/3050micro: disable hyperthreadingLeah Rowe
Hyperthreading is a risk factor for spectre/meltdown and other attacks. Disabling it is a best practise. Those who need it can always turn this option back on. Otherwise, disabling it by default is a simply courtesy to the average user, in the interest of security. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-29t480/t480s: Disable TPM2 to mitigate SeaBIOS lagLeah Rowe
SeaBIOS was lagging a lot, on startup and when executing almost any payload, especially when doing anything in the ESC menu. I set the debug level to *21*, and thoroughly analysed the logs. I found entries such as this: Checking for bootsplash WARNING - Timeout at wait_reg8:81! TCGBIOS: Return value from sending TPM2_CC_StirRandom = 0x00000000 WARNING - Timeout at wait_reg8:81! TCGBIOS: Return value from sending TPM2_CC_GetRandom = 0x00000000 WARNING - Timeout at wait_reg8:81! TCGBIOS: Return value from sending TPM2_CC_HierarchyChangeAuth = 0x00000000 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc16e WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc1c5 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc211 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc25d WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc2a9 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc2f5 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc341 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc38d WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc3d9 Searching bootorder for: HALT Mapping hd drive 0x000f49e0 to 0 I'm not quite certain what the problem is, but disabling TPM2 made the problem go away; SeaBIOS is snappy again. TPM is security threatre anyway. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-28rom.sh: Name pico directory serprog_picoLeah Rowe
Previously serprog_rp2040, but we now also support the RP2530 boards. Therefore, serprog_pico is a nice generic name. The directory on release archives will now be serprog_pico instead of serprog_rp2040; it will contain serprog images for both RP2040 and RP2530 devices. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-28add 2024 to Riku's copyright header on rom.shLeah Rowe
he forgot to do this in the recently merged pico2 support. i'm doing it for him as a matter of courtesy. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-28Merge pull request 'rp2530' (#258) from Riku_V/lbmk:rp2530 into masterLeah Rowe
Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/258
2024-12-28pico-sdk: update to 2.1.0Riku Viitanen
this brings support for a new microcontroller platform rp2530. total number of pico boards supported now: 97 TEST: built them all Tested-by: Riku Viitanen <riku.viitanen@protonmail.com> Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
2024-12-28pico-serprog: enable building for multiple pico chipsRiku Viitanen
rp2040 and rp2530 platforms can't share a cmake build directory. we could just delete the build directory after every compilation, but that would be really wasteful (every tool would need to be recomiled every time. instead create new build directories as new plaforms are found and symlink them to the point where the build directory used to be. to find out which platform we're compiling for, we crudely parse the board headers file. there surely would be better ways to do this, but this hack works with all the boards in pico-sdk 2.1.0. Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
2024-12-27add spdx headers to dependencies configsLeah Rowe
these used to be separate scripts under gpl 3+, so it makes sense to clarify the licensing situation Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-27dependencies/debian: fix debian sidLeah Rowe
change python3-distutils to python3-distutils-extra the latter is still available in debian sid, but not the former. however, installing this should still provide the additional files required. with this, the debian script is now compatible with both debian sid and debian stable(bookworm, presently). Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-27add spdx headers to various config filesLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-26git.sh: don't initialise livepull globallyLeah Rowe
set this variable in the tmpclone function. otherwise, certain submodules might always download every time, when handling multiple projects. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-26vendor.sh: Print useful message on ./mk injectLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-26vendor.sh: Handle FSP insertion post-releaseLeah Rowe
The Libreboot 20241206 release provided FSP pre-assembled and inserted into the ROM images; the only file inserted by vendor.sh was the Intel ME. Direct distribution of an unmodified FSP image is permitted by Intel, provided that the license notice is given among other requirements. Due to how coreboot works, it must split up the FSP into subcomponents, and adjust certain pointers within the -M component (for raminit). Such build-time modifications are perfectly fine in a coreboot context, where it is expected that you are building from source. The end result is simply what you use. In a distribution such as Libreboot, where we provide pre-built images, this becomes problematic. It's a technicality of the license, and it seems that Intel themselves probably intended for Libreboot to use the FSP this way anyway, since it is they who seem to be the author of SplitFspBin.py, which is the utility that coreboot uses for splitting up the FSP image. Due to the technicality of the licensing, the FSP shall now be scrubbed from releases, and re-inserted. Coreboot was inserting the -S component with LZ4 compression, which is bad news for ./mk inject beacuse the act of compression is currently not reproducible. Therefore, coreboot has been modified not to compress this section, and the inject command doesn't compress it either. This means that the S file is using about 180KB in flash, instead of about 140KB. This is totally OK. The _fsp targets are retained, but set to release=n, because these targets *still* don't scrub fsp.bin; if released, they would include fsp files, so they've been set to release=n. These can be used on older Libreboot release archives, for compatibility. The new ROM images released for the affected machines are: t480_vfsp_16mb t480s_vfsp_16mb dell3050micro_vfsp_16mb Note the use of _vfsp instead of _fsp. These images are released, unlike _fsp, and they lack fspm/fsps in the image. FSP S/M must be inserted using ./mk inject. This has been tested and confirmed to boot just fine. The 20241206 images will be re-compiled and re-uploaded with this and other recent changes, to make Libreboot 20241206 rev8. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-25Remove legacy update/vendor commandsLeah Rowe
We only use ./mk now. ./build still exists for now. This will be removed in a future revision, when the trees script is removed and merged with the main script. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-24lbmk: remove use of deprecated ./vendor commandLeah Rowe
use ./mk instead, because in a future change to lbmk, only ./mk will be used and the other commands will be removed. with this change, the ./vendor, ./build and ./update commands are no longer used. these commands still work, for backwards compatibility, but they are deprecated. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-24vendor.sh: Safer exit when vendorfiles not neededLeah Rowe
When vendor files were not needed on a given board, the script would directly exit. This is bad, because the inject functions are called directly from the main script, which means the parent instance of lbmk. This means that the lock file and temporary files were not being removed on exit. On a subsequent run, this would cause the error stating that a lock file is present, which would cause further error, making the user believe something is broken in lbmk. Modify the behaviour accordingly; exits are now returns, and these are handled in the calling functions, in such a way that a proper exit occurs, whereby temporary files and the lock file are deleted. For context, please read the main "build" script where it calls vendor_inject and vendor_download. At the end of that script, it calls tmp_cleanup, which removes the TMPDIR that was created, and the lock file. In lbmk, the TMPDIR is not /tmp, but rather a subdirectory under /tmp, so that further calls to mktemp create everything under one single temporary directory, which lbmk automatically removes on exit. Therefore, this patch also avoids leaving temporary files laying around on the disk. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-24data/deguard: Remove unused patchLeah Rowe
The appdir.patch file was used on the older deguard version, prior to Mate Kukri's rewrite. This patch is no longer required, and no longer used, so it can be removed safely from lbmk. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-24lib.sh: Safer exit from ./mk dependenciesLeah Rowe
The exit was dependent upon install_packages returning zero status, which it always would in practise, due to its design, but this exit must always be observed, so the code has been modified to honour this design. A direct exit violates lbmk's design in most instances, where a temporary directory and lock file has already been created; at this stage, no such act was performed, so a direct exit is perfectly acceptable. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-22remove geteltorito and mtools from lbmkLeah Rowe
we needed these for extracting intel vga roms from lenovoo updates, for t480, very briefly. about an hour after i pushed that patch, mate kukri fixed libgfxinit and then i removed the vgarom integration because it wasn't needed anymore. however, i forgot to remove geteltorito/mtools from dependencies. some distros like fedora were problematic about it. the best thing about bugs is when you don't have to fix them. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-18rom.sh: support grub-first setupsLeah Rowe
in this setup, seabios is never the default payload, grub is, but only if grub is enabled. set this in target.cfg: payload_grubsea="y" if payload_grub isn't enabled, this is auto-set to n ditto if initmode=normal NOTE: if flashing libgfx setups, you should make sure that you're not booting with a graphics card, only intel graphics. this setting will intentionally not be documented, because it's not recommended, but is being implemented for testing purposes (and i implemented it for some guy who i think is cool). i'll probably also use this myself, since i already do grub-only setups on all my own machines. seagrub is the default on x86 because of past instabilities with grub. to mitigate in case of future issues, since seabios is always stable, we reduce the chance of bricks. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-18vendor.sh: delete old tb.bin first, just in case20241206rev7Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-18vendor.sh: make TBFW pad size configurableLeah Rowe
we encountered 1MB flash so far, but we may encounter other sizes on other machines when added to libreboot later on Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-18T480/T480S: Support fetching ThunderBolt firmwareLeah Rowe
Though not used in coreboot builds, and not injected into the builds in any way, these files are now created seperately when handling T480/T480s vendor files: vendorfiles/t480/tb.bin vendorfiles/t480s/tb.bin These are created by extracting Lenovo's ThunderBolt firmware from update files. The updated firmware fixes a bug; older firmware enabled debug commands that wrote logs to the TB controller's own flash IC, and it'd get full up with logs, bricking the controller. If you've already been screwed by this, you must flash externally, using a padded firmware from Lenovo's updates. Lenovo's own updater requires creating a boot CD or booting Windows. This patch in lbmk auto-downloads just the firmware, and you can flash it externally. You could simply do this as a matter of course, when installing Libreboot. You are recommended to update the Lenovo UEFI/EC firmwares first, before installing Libreboot; please look at the Libreboot documentation to know exactly which versions. Then dump the ThunderBolt firmware first, to be sure, and then you can flash these files. Flashing these updates will prevent the bug described here: https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t480-type-20l5-20l6/20l5/solutions/ht508988 You can download Lenovo's installers for various ThinkPad models there, including T480s/T480s. It is these downloads that this lbmk patch uses, to extract those files directly. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-17also de-rainbow the u-boot menu20241206rev6Leah Rowe
boring is good Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-17Revert "use rainbow deer on the grub background"20241206rev5Leah Rowe
libreboot has a lot of users worldwide, some of whom live in countries that punish being gay; if they look at libreboot or boot it and it has the pride colours on it, it could actually get them in trouble. this fact occured to me, and i've decided therefore to revert back to the boring plain logo. though, perhaps we could actually properly design a new logo? a new, modern logo, and a nicer website. we'll see! This reverts commit 401efb24b2213454732e769531f660605771e538.
2024-12-17rom.sh: insert grub background in cbfs not memdisk20241206rev4Leah Rowe
for some reason, when the background is in memdisk, inserting it into cbfs afterward doesn't override, despite this being the behaviour in grub.cfg put it in cbfs explicitly, and skip inserting into memdisk Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-17use rainbow deer on the grub backgroundLeah Rowe
same as on u-boot recently Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-13add some scripts to .gitignoreLeah Rowe
f/m are scripts i'm gradually working on. easy flash scripts for lbmk. no promises when/if i push them. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-11disable 3050micro nvme hotplug20241206rev3Leah Rowe
see patch for rationale. this should prevent instability caused when the nvme randomly replugs under linux. sometimes e.g. nvme0n1 becomes nvme0n2 while the system is running. in my case, that caused my raid1 to become unsynced every few days. this issue was fixed on t480 by disabling pcie hotplug for its nvme device, so the same fix has been applied for dell optiplex 3050 micro. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-10fix t480 spd size (512, not 256)Leah Rowe
this was done with the following command: ./mk -u coreboot t480s_fsp_16mb t480_fsp_16mb it was set to 256 but should be 512. the SPD is what contains configuration data for raminit, which training code uses so that the timings will be correct. if the SPD size is wrong, the machine won't boot in practise, lbmk always runs "make oldconfig" on a coreboot config, before building it, so this was already being corrected automatically at build time. however, if that fact ever changes in the future, this wrong configuration would cause the machines not to boot. therefore, this can be considered a preventative or perhaps pre-emptive bug fix. this fix does not need to be applied to the 20241206 release, because of the behaviour described above. the final ROM images do have the spd size set correctly to 512, because of this design feature in lbmk. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-08add tarballs and signatures to gitignoreLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-08fix another very stupid mistake20241206rev2Leah Rowe
the last revision disabled building arm64 images! Signed-off-by: Leah Rowe <leah@libreboot.org>