| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this was the other complication with doing it as a macro.
for something this fundamental, we really want to ensure
that every access is safe.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
having this as a macro makes the code quite brittle.
better to have it as a function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
merge the urandom handling back into this function.
it's called immediately after in main anyway, so we
may as well. this reduces the size of main.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in the given call, we then do an equivalent call
immediately after that is the same, but without
unveil, so we'll just defer to that.
this changes no behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in general, we should ensure that the pledge calls only happen
inside main. this means we can more easily see them, in future
re-factoring.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this will enable hardening of the pledge syscalls.
it also means that the program will error out much
earlier, when an invalid command is given, rather
than opening a bunch of files first, and it will
do so under reduced privilege already, notwithstanding
the further pledge/unveil hardening that is planned.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
same as the previous change. i'm going to harden the unveil
and pledge calls next.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
urandom in main. this is because i'm going to further
harden the use of pledge and unveil in a future patch,
and this is a prerequisite.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
main is getting much smaller now
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
also for other variants
i removed it because it was reported broken. it's not.
the removal was always temporary, pending further testing.
next time, i will be more sceptical.
everything works fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the for loop only contains one line
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
do it in the macro. this way, if a given error is
present, it's not overridden. this enables easier
debugging.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i renamed filename to fname, so that certain lines would
still fit within 80 characters without introducing a new
line break.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
split it into readGbe_part, for code clarity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
handle it in a separate function, for clarity.
the main function just checks each part whether it
changed, and then passes control to writeGbe_part.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
use the ERR macro instead, so that an existing value
will not be overridden. this is useful for debugging.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the current code is optimised for speed, but it's a bit
esoteric, so make it easier to understand.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this has to do with memory allocation, not actual reading
of the gbe file into memory. split it up, for clarity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
when nf and nr/nw are not the same, we know there
is an error condition, so defer to the following err()
call, but use ERR() there instead of hardcoding use
of ECANCELED.
this actually improves the error handling, by being
more verbose, while reducing the amount of logic.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we only need to know the number of bytes written or
read under error conditions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This makes the argument handling easier to understand,
since other arguments are also handled in find_me
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is a special mode that skips FPTR checks, which is
needed on the topton x2e_n150
we currently set this, when MEclean="n", but we may want to
skip cleaning while still checking FPTR on some boards (in
a future lbmk revision)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
from kittywitch/lbmk:x270-patch into master
Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/405
|
|
|
|
it is currently only initialised inside case
conditions. this is fine on most shells, but
some of them can be a bit buggy here.
initialise it empty and then override.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
idk why i made it 4
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is a hangover from an earlier work, where we
had some issues prior to merging.
as it is, the port is ready for a future release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Courtesy of Kat Inskip who ported this board.
Headphone output doesn't work at the moment, due to incorrect verb.
Intel VBT is also wrong. Both are taken from another board.
This will be amended later with the correct verb and VBT.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
latest coreboot rev as of literally today
this is in preparation for a thinkpad x270 port
using a WIP patch that was contributed
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
instead of SPS and disable ME HECI in devicetree' (#404) from noisytoot/supermicro-x11ssh-f into master
Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/404
|
|
this is the program I recently wrote, that generated
the submodule entries for the GRUB PO file fix
this utility is for reference only. i'll probably do
away with the fix at some point, replacing it with
my own git-based submodule repository, containing the
PO files. this would make things easier, and then
that repository would contain the utility instead.
i'm just putting this in lbmk for now, so that we
have it somewhere.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Since we have redundant downloads for the ME image now, it's no longer
required.
|
|
Since we always use me_cleaner, this speeds up boot time by preventing
coreboot from wasting a few seconds waiting for HECI.
|
|
Using the same ME image as the 3050 Micro. This fixes the lack of a
backup download URL for the ME and speeds up boot time, since MRC
caching is working with ME (unlike SPS).
Unfortunately, since the MFS partition must be preserved, this does
mean we need a larger ME region than with me_cleaned SPS.
|
|
Left over from the hyphen -> underscore renaming commit.
|
|
the lack of redundancy in Intel ME downloading is a current
release blocker with this board, so set it to release=n for
now.
it is quite possible to use deguard on this board, which does
have redundant downloading when used with lbmk.
although the board doesn't have bootguard, it is still possible
to use deguard. you can configure the generic ME image that it
fetches, and reconfigure it for each machine.
i've asked ron to look into this, on their test board.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i don't like hyphens in file names, because of how lbmk
has historically handled directories and files in the past;
i've removed a lot of eval statements, to the extent that
it's no longer likely to be a problem (it's barely used now),
but i previously had a problem with using hyphens in config
names.
this design flaw (in lbmk) was fixed ages ago, but i still
maintain this policy. since that time, i use hyphens only.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
