summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2025-01-04add line break, part 2Leah Rowe
because printf Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04add line breakLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: prevent double-nukeLeah Rowe
where the nuke command is used, we need the files to be there; if they're not, it will try to nuke them, which will result in an error in most cases, but there may be some cases where that isn't true, for instance if only the Intel ME is needed; it'll be writing zeroes over zeroes. we want to only allow technically correct behaviour, because technically correct is the best kind of correct. it is theoretically possible that a double-nuke might affect certain behaviours unpredictably. for example, if vendor.sh later integrates another tool that works whereby the same command inserts or nukes depending on a certain condition, but with the same command, and where that command would return zero in both cases. this is a preventative bug fix, because it fixes an issue that does not yet actually occur in practise. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: much more verbose errors/confirmationLeah Rowe
the user must be well-informed as to the next step, which this script directly influences guide the user accordingly Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04add libx86 to arch dependenciesLeah Rowe
needed to compile the "int" tool defined under config/git/ Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: Remove unnecessary returnLeah Rowe
The message at the end that states a file was not modified, is not currently printed when vendor files are not needed, and setmac is not used. This patch fixes that, so the user now sees a confirmation of such change, or lack thereof. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: Download utils even if vcfg unsetLeah Rowe
This is because the user may have specified setmac. I tried without this change, on a fresh lbmk, setting the MAC address on an X200 tarball, and it produced an error that ifdtool was unavailable. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: Allow setmac if vendorfiles not neededLeah Rowe
Observe the following prior patch: commit 818f3d630c268742cf046523e24c7b000e06ec69 Author: Leah Rowe <leah@libreboot.org> Date: Fri Jan 3 17:06:14 2025 +0000 vendor.sh: Don't error if vcfg is unset Now: This patch made vendor inject more robust, and speeds up the processing of images where no vendor files are needed, but it broke setmac on such tar archives. This new patch works around it. For example, I was able to run ./mk inject on an X200 tarball to change the MAC address; no vendorfiles are inserted, because it's not needed. The further check for whether a board uses Intel GbE still protects against accidental modification. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04add less to arch dependenciesLeah Rowe
probably not actually needed, but it annoys me that it doesn't come installed by default, and it's needed for certain git operations Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03lib.sh: Set python after dependenciesLeah Rowe
otherwise, the user can't install python, which is in the dependencies. an irony! Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03update my copyright years on modified scriptsLeah Rowe
there are some lbmk scripts that i modified, starting this year. update the headers. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03vendor.sh: Don't error if vcfg is unsetLeah Rowe
It should return 1 instead, in readcfg(), because this is not an error condition; vcfg not being set means that the board doesn't use vendor files, which is perfectly normal and should not yield an error. This fixes a build error under certain conditions, found during release-build testing. This bug was exposed when I fixed double quoting issues as per shellcheck tests. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03lib.sh: Fix unescaped quotes in chkvars()Leah Rowe
This should be the proper fix now Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03Revert "fix more unescaped quotes in eval"Leah Rowe
This reverts commit ec6bcc1fba5fbdf8b19b3d1cf9711f3d4c9c3741.
2025-01-03fix more unescaped quotes in evalLeah Rowe
it should fix more build errors that might have appeared in the aforementioned revision, mentioned in the previous commit message Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03fix ./mk dependencies build issueLeah Rowe
the bug was actually caused by chkvars add an escape for the quotes and bam. fixed. without this, i got the following e.g. For command: ./mk dependencies debian Output: ./mk: 1: [: apt-get: unexpected operator ERROR ./mk: pkg_add unset Someone reported a similar issue with the Arch one, which is also now fixed. This regression was caused by the previous commit: commit 0cf58c22734b19293f4cbef83add59b031ca1773 Author: Leah Rowe <leah@libreboot.org> Date: Thu Jan 2 23:52:45 2025 +0000 fix lbmk shellcheck errors I forgot to escape the double quotes in an eval. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03rom.sh: Remove errant GRUB modules checkLeah Rowe
This check is a good idea, but not viable here, because the modules naturally aren't set in all circumstances, so it just causes a build error. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03submodule/grub: use codeberg for 1st gnulib mirrorLeah Rowe
the gnu.org mirror is always slow for some reason, but only for gnulib. it may only be for me, because routing in other countries/networks may differ. when i'm freshly cloning lbmk modules, gnulib is always really slow, like 300KB/s (bytes, not bits) i have 1gbps internet and wish to not have 2005-era speeds, thank you kindly! Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Update AUTHORS and COPYING filesLeah Rowe
Mention Riku's copyright in the COPYING file, and update my years in that file. Add Riku to the AUTHORS file. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Describe nvmutil in help outputLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Remove the correct binary on uninstallLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/spkmodem-recv: More correct MakefileLeah Rowe
Set up the DESTDIR variable properly. Otherwise, this is just style changes. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Honour the INSTALL variableLeah Rowe
Don't assume "install" is the correct command. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Don't clean when doing uninstallLeah Rowe
The user might wish to uninstall, but not remove the build that they just did. The user can still do make clean if they wish. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Proper DESTDIR/PREFIX handlingLeah Rowe
DESTDIR is the root directory where it goes, which is normally an empty string; PREFIX is where the bin directory is located, relative to DESTDIR Default to /usr/local for PREFIX, not /usr, because /usr/bin is for system utilities. nvmutil is a local utility. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Set CC and CFLAGS only if unsetLeah Rowe
We don't want to clobber anything that the user set themselves. Instead, we should respect the user's choice. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Capitalise BABALeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Add uninstall to MakefileLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Add distclean to MakefileLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Make the GbE checksum a defineLeah Rowe
This makes the code easier to understand. All 2-byte words, stored in little endian order within the 128-byte GbE NVM area, must add up to 0xBABA. If it doesn't, then software is supposed to reject that GbE config. The nvmutil software works on that basis. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: nicer hexdump displayLeah Rowe
make it look like hexdump -C, where individual bytes are spaced, and there is an additional space after 8 bytes, per row. i won't bother with a character display, since that is meaningless on gbe nvm words. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: show the correct hexdump orderLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-02lib.sh mktarball: cleaner if statementLeah Rowe
i also removed that printf, because the path it prints is actually wrong sometimes; in the recent re-write of vendor.sh, it prints the correct path instead Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-02fix lbmk shellcheck errorsLeah Rowe
There was also a condition in run_make_command that is now an OR, where it was an AND, on script/trees, to fix the use of mixed (and erroneous) OR/AND operators. I'm planning a much more invasive audit than this. These are light fixes, intended for Libreboot 20241206 rev8. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-02lib.sh and rom.sh: update my headerLeah Rowe
i made modifications to them in 2025, so update them to 2025 Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-02vendor.sh inject: reset err upon returnLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-02vendor.sh: MUCH, MUCH, MUCH safer ./mk injectLeah Rowe
Don't extract to bin/release/ Modify the tarball instead. Previously, the tarball would not be modified, but a lot of users thought the tarball was being modified and ignored bin/release/, where the injected images were actually being saved to. Don't copy the tarball either. Just modify it in-place. Don't allow single-rom injection either; only allow the tarball-based method. The command syntax has changed, but: ./mk inject tarball.tar.xz This is the same. What has changed is nuke, and MAC address modification. Observe: ./mk inject tarball.tar.xz nuke ./mk inject tarball.tar.xz setmac ./mk inject tarball.tar.xz setmac ??:??:??:??:??:?? ./mk inject tarball.tar.xz setmac 00:1f:16:??:22:aa These are just a few examples. The MAC address syntax is the same as used for nvmutil, which means you can set it randomly. Also: ./mk inject tarball.tar.xz setmac You can use the *setmac* command *repeatedly*, even if you've already injected a given archive. It'll just update the archive, but skip injecting other files that were already injected. If you use setmac without a MAC address, it will randomise the MAC address. This is therefore very similar to the command structure used in nvmutil. The code for injection is generally more robust, with stronger error checks. This design change was done, so that the user doesn't accidentally brick their machine. The non-injected images have a prefix in the file name saying "DO_NOT_FLASH", and those non-injected images are padded by 1 byte. That way, the user knows not to flash it and if they try, flashprog will throw an error. The prefix and padding is removed on injection. Old images without the padding/prefix can still be injected, via tarballs; this new code is backwards-compatible with tarballs from older Libreboot releases. A common thing I see sometimes is a user will say they have a black screen or something, and I say: did you insert vendor files? And they say yes. And they did. But they extracted and flashed from the tarball, which wasn't injected, because they didn't release about bin/release/ No amount of RTFM is justified. The previous design flaw is a bug. We must always observe user safety first, no matter what, so that has now been done. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-01util/nvmutil: Obey the 79-character per line limitLeah Rowe
Must not exceed 79 lines. Some variables and functions have been renamed, and there has been some minor re-factoring. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-01util/nvmutil: Tidy up copyright headerLeah Rowe
I don't like using SPDX for actual copyright declarations. I only want it to be used for the license identifier. Also: I made a *single* change to nvmutil.c in 2024, which means that I have copyright in all years since and including 2022; the file said 2022, 2023, 2025, but it's actually 2022-2025. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-01vendor.sh: fix commentLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-01util/nvmutil: Fix another stragglerLeah Rowe
I don't like using strings this way, it looks unclean. Once again, use good old fashioned if/else. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-31util/nvmutil: Tidy up pledge callsLeah Rowe
I wasn't too happy using shorthand for strings like that. Tidy it up and use good old fashioned if/else. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-31hp820g2: fix vendorfile inject and set release=yLeah Rowe
I believed that the compressed nature of refcode was the only non-reproducible thing, but turns out you also need to run rmodtool on the refcode to make the binary relocatable in cbfs. This is based on my reading of the coreboot Makefile. With this change, I can now provide release binaries for the HP EliteBook 820 G2. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-31fedora41/dependencies: add libuuid-develLeah Rowe
it seems to be required for uuid/uuid.h Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-31add uuid-devel to fedora41 dependenciesLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-31support ./mk dependencies fedora reinstallLeah Rowe
dnf reinstall package or dnf install package for reinstall, do this: ./mk dependencies fedora41 re this is an example command the 4th argument prefixes "install" in dnf install a bit hacky but it should work Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-31fix missing semicolon in grub nvme patchLeah Rowe
i forgot this when rebasing on the recent uprev Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-31bump seabios to rev 1602647f1 (7 November 2024)Leah Rowe
This brings in a *single* change from SeaBIOS, because there has only been one change in the main branch, and it's a bug fix. The change from upstream is as follows: commit 1602647f1be24fe63d11138d802e735c8e674e63 Author: Daniel Khodabakhsh <d.khodabakhsh@gmail.com> Date: Thu Nov 7 18:46:16 2024 -0800 boot: Force display of the boot menu when boot-menu-wait is a negative number Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-31Bump GRUB revision to 6811f6f09 (26 November 2024)Leah Rowe
Although this is for a stable release revision, namely Libreboot 20241206 revision 8, I've carefully audited the upstream changes and they all seem fine. Several important bug fixes have been imported with this change. Most interestly, GRUB has also added support for TPM2 Key Protectors; we don't use this feature yet, and probably won't for the time being, since TPM is largely security threatre for our purposes anyway. There's no harm including all upstream revisions, up to those ones, since those modules are not yet added in lbmk. Most notably, there are several file system fixes, and minor fixes to the graphics terminal of GRUB. Minor fixes only, in terms of what Libreboot actually uses at present. The full list of imported changes are as follows, relative to the previous GRUB revision, which was b53ec06a1 from 17 June 2024: * 6811f6f09 tpm2_key_protector: Enable build for powerpc_ieee1275 * ff14b89bd ieee1275/tcg2: Add TCG2 driver for ieee1275 PowerPC firmware * 72092a864 ieee1275/tcg2: Refactor grub_ieee1275_tpm_init() * 8c0b5f200 ieee1275/ibmvpm: Move TPM initialization functions to own file * 7344b3c7c ieee1275: Consolidate repeated definitions of IEEE1275_IHANDLE_INVALID * 29d1bd2a9 term/ieee1275/serial: Cast 0 to proper type * 99ee68a01 tss2: Adjust bit fields for big endian targets * 3770a6905 docs: Document TPM2 key protector * f898440cc tests: Add tpm2_key_protector_test * 76a2bcb99 tpm2_key_protector: Add grub-emu support * 135e0bc88 diskfilter: Look up cryptodisk devices first * b35480b48 cryptodisk: Wipe out the cached keys from protectors * 6abf8af3c cryptodisk: Fallback to passphrase * fba3a474e tpm2_key_protector: Implement NV index * 550ada7d6 tpm2_key_protector: Support authorized policy * 5f6a2fd51 util/grub-protect: Add new tool * ad0c52784 cryptodisk: Support key protectors * 48e230c31 key_protector: Add TPM2 Key Protector * 35c9904df tss2: Add TPM2 Software Stack (TSS2) support * 63a78f4b4 tss2: Add TPM2 types and Marshal/Unmarshal functions * 2ad159d9b tss2: Add TPM2 buffer handling functions * 5d260302d key_protector: Add key protectors framework * 3d60732f9 libtasn1: Add the documentation * 99cda6788 asn1_test: Test module for libtasn1 * 504058e82 libtasn1: Compile into asn1 module * 8a0fedef2 asn1_test: Enable the testcase only when GRUB_LONG_MAX is larger than GRUB_INT_MAX * 66cf4cb14 asn1_test: Use the grub-specific functions and types * 0d0913fc6 asn1_test: Print the error messages with grub_printf() * 2e93a8e4b asn1_test: Remove "verbose" and the unnecessary printf() * b7568e335 asn1_test: Return either 0 or 1 to reflect the results * d60a04bae asn1_test: Rename the main functions to the test names * 54e0e19a2 asn1_test: Include asn1_test.h only * 0ad1d4ba8 libtasn1: Fix the potential buffer overrun * 4160ca983 libtasn1: Use grub_divmod64() for division * 8f56e5e5c libtasn1: Adjust the header paths in libtasn1.h * d86df91cb libtasn1: Replace strcat() with _asn1_str_cat() * 32fdfe600 libtasn1: Replace strcat() with strcpy() in _asn1_str_cat() * fa498af7b libtasn1: Disable code not needed in GRUB * 9a26abbc3 libtasn1: Import libtasn1-4.19.0 * c85c2b9f5 posix_wrap: Tweaks in preparation for libtasn1 * 4f6c46091 kern/fs: Honour file->read_hook() in grub_fs_blocklist_read() * 792132c72 docs: Fix incorrect and potentially confusing language and minor formatting * 1763d83f5 docs: Correct GRUB config file name for network boot * 097fd9d9a docs: Correct chainloader UEFI secure boot info * f48e6af11 docs: Correct PXE environment variables descriptions * dd743ba42 loader/multiboot: Do not add modules before successful download * 9a9082b50 grub-mkimage: Add SBAT metadata into ELF note for PowerPC targets * f97d4618a grub-mkimage: Create new ELF note for SBAT * f26b39860 commands/legacycfg: Avoid closing file twice * 337cb2486 nx: Rename GRUB_DL_ALIGN to DL_ALIGN * 31de991de kern/acpi: Fix out of bounds access in grub_acpi_xsdt_find_table() * f5bb766e6 nx: Set the NX compatible flag for the GRUB EFI images * 94649c026 nx: Set page permissions for loaded modules * 09ca66673 nx: Add memory attribute get/set API * 9fb80dd57 modules: Load module sections at page-aligned addresses * 6e2fe134e modules: Don't allocate space for non-allocable sections * 2b79d550f modules: Strip .llvm_addrsig sections and similar * 246c82cda modules: Make .module_license read-only * 616adeb80 i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global * 95a7bfef5 i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT * 1b1061409 i386/msr: Extract and improve MSR support detection code * 929fafdf5 i386/msr: Rename grub_msr_read() and grub_msr_write() * d96cfd7bf i386/msr: Merge rdmsr.h and wrmsr.h into msr.h * 86ec48882 commands/tpm: Skip loopback image measurement * 3808b1a9b net/drivers/efi/efinet: Skip virtual VLAN devices during card enumeration * e5f047be0 efi/console: Properly clear leftover artifacts from the screen * c5ae124e1 kern/riscv/efi/init: Use time register in grub_efi_get_time_ms() * 9c34d56c2 loader/efi/linux: Reset freed pointer * 92bed41bf loader/efi/linux: Reuse len variable * 33cb8aecd lib/x86_64/relocator_asm: Use .quad instead of .long * 77cd623de lib/x86_64/relocator_asm: Fix comment in code * 95145eea5 loader/efi/linux: Update comment * d333e8bb3 util/grub-mkimagexx: Explicitly move modules to __bss_start for MIPS targets * 34b7f3721 include/grub/offsets.h: Set mod_align to 4 on MIPS * ed0651673 gentpl: Put boot/mips/startup_raw.S into beginning of the image * 648f2d16c configure: Add -mno-gpopt option for mips and mipsel targets * f0710d2d8 lib/xzembed/xz_dec_bcj: Silence warning when no BCJ is available * e61157bbd fs/erofs: Replace 64-bit modulo with bitwise operations * 5313fa839 configure: Look for .otf fonts * 33b94f2a9 loader/efi/chainloader: Do not print device path of chainloaded file * ab1e6fc04 docs: Document all GRUB modules * 9537f4403 commands/bli: Fix crash in get_part_uuid() Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-31t480/3050micro: force power off post power failureLeah Rowe
The T480 has no option table, because it lacks nvram, so the default option applies, which seems to be power on after power failure. This is undesirable on a laptop. It's triggered simply when your laptop battery runs out, and once triggered, it couldn't be configured at all. Hard-code this. The documentation will be updated later on after this patch is pushed, telling those users who want to change this behaviour how to modify/remove the patch, if they wish to to do so, because some people may actually want to run a server on the OptiPlex 3050 Micro (or if they're crazy like I am, they will host libreboot.org on a ThinkPad). Signed-off-by: Leah Rowe <leah@libreboot.org>