summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-06-01util/nvmutil: harden pledge/unveil calls (OpenBSD)Leah Rowe
*Open* files at the start, then unveil. The same overall behaviour is observed. In the case that invalid arguments are given, simply opening a file does not cause much performance impact (if any). Restrict operations as early as possible in code. Bonus: writeGbeFile also hardened; if flags is O_RDONLY, it aborts. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: fix faulty fd checkLeah Rowe
i screwed up in an earlier commit this change fixes a bug where on rhex(), each call would re-open /dev/urandom, resetting rfd Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: only swap/copy if checksum is validLeah Rowe
in practise, the file was never written unless the checksum was valid, but in the same of sloccount reduction i made it do the swap/copy before checking. while functionally ok, it never sat right with me. this is one example of where sloc count doesn't mean everything. code correctness is critical Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: use bsd-style indentationLeah Rowe
the style was already quite similar, but extended lines in bsd are indented by 4 spaces instead of a tab. this style has grown on me, so i'm adopting it here Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: clean up rhex()Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: check correct return value on close()Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: massive code cleanupLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: move includes to nvmutil.hLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: move xpledge/xunveil to nvmutil.hLeah Rowe
They don't precisely *pertain* to nvmutil, but they are useful helper functions for calling pledge/unveil in OpenBSD. Ideally, the main file should only contain core logic pertaining to the execution of *nvmutil*. Put xpledge() and xunveil() in nvmutil.h. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: use SPDX license headersLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: move non-functions to nvmutil.hLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: use even more macros (code cleanup)Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: remove unnecessary parenthesesLeah Rowe
2023-06-01util/nvmutil: simplify setWord() with word() macroLeah Rowe
There is nothing cooler than a macro. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: do xor swap in a macroLeah Rowe
eventually, everything will be a macro! Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil pledge,unveil: use correct err stringLeah Rowe
2023-06-01util/nvmutil: ensure that errno is set on err()Leah Rowe
When err() is called, it is intended that nvmutil will always exit with non-zero status, but with errno as the return value. Ensure that errno is *not* zero. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-01util/nvmutil: minor code cleanupLeah Rowe
Make word() a macro, simplify err_if(). Could also make setWord() a macro if I forego certain optimisations, but I'll leave it as-is. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-31util/nvmutil: simplified error handling in mainLeah Rowe
This change also reduces code indentation. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-31util/nvmutil: Use unveil, and harden pledgesLeah Rowe
After /dev/urandom (for MAC address randomisation) and the GbE file have been handled, unveil them. Unveil is a system call provided by OpenBSD that, when called, restricts access only to the files and/or directories specified, each given specific permissions. You can learn more about unveil here: https://man.openbsd.org/unveil.2 An ifdef rule makes nvmutil only use unveil on OpenBSD, because it's not available anywhere else. This is the same as with the pledge() system call. Where invalid arguments are given, and no action performed, pledge promises are also reduced to just stdio, preventing any writes to files, or reads from files. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-31util/nvmutil: Harden pledge promisesLeah Rowe
After reading a file, remove rpath. When removing rpath, also remove wpath if flags are not to O_RDONLY (read-only disk operation). When wpath is permitted, and a file was successfully written, remove wpath. In order to permit /dev/urandom access in rhex(), I call it as a void just before re-calling pledge. The rhex() function has been written in such a way that /dev/urandom only needs to be read *once*. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-31util/nvmutil: Simplify use of pledge (on OpenBSD)Leah Rowe
Define xpledge which calls pledge and handles errors. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-30util/nvmutil: Use correct pledge promise (OpenBSD)Leah Rowe
I assumed wpath was all that's needed, but this simply allows writes. rpath must be specified alongside wpath, for reads. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-30util/*: Properly detect OpenBSD for pledge() callLeah Rowe
The utils that are pledged checked HAVE_PLEDGE which was bogus. OpenBSD defines __OpenBSD__, which you can check for in ifdef. This change makes nvmutil and spkmodem-recv *actually* use pledge, when the utils are compiled on OpenBSD. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-29util/e6400-flash-unlock: clean up commented codeLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-28Add 4MB version of HP 8200 SFFRiku Viitanen
This is useful for internally flashing Libreboot from OEM BIOS since the top ~3MB is write-protected by vendor firmware.
2023-05-27blobutil: merge with main scriptLeah Rowe
make blobutil a symlink. Example of command changes: ./blobutil download x220_8mb is now: ./update blobs download x220_8mb The old command still works, for compatibility. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-27unify download/build scriptsLeah Rowe
move resources/scripts/download/ to: resources/scripts/update/module/ This: ./download coreboot Is now: ./update module coreboot However, running "./download coreboot" still works, via backwards compatibility. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-27unify these scripts: build, modify and updateLeah Rowe
unify them, by turning them into symlinks pointing to a generic script named lbmk the script named lbmk is a fork of the script named "build", which just checks argument 0 and adapts accordingly all of these core scripts had the exact same overall logic, and they are thus compatible Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-27build/payload/seabios: reduced indentationLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-27Remove most of Ferass's lbmk contributionsLeah Rowe
The primary purpose of my intense auditing has been to improve lbmk's coding style and fix bugs but there is a secondary purpose: know precisely who owns what, because I want to re-license as much as possible of lbmk under *MIT*, instead of the current GNU licensing. MIT is vastly superior, because it grants *actual* freedom to the user, permits *sublicensing* and it is vastly more compatible with other GPL combinations; for example, MIT license is compatible with GPL2-only whereas lbmk's current mix of GPLv3-or-later and GPLv3-only is legally incompatible with GPLv2-only. Re-licensing under MIT will most likely result in more contributions to Libreboot's build system in the future, especially as it will attract a lot more commercial interest. Contrary to the popular arguments, copyleft is a liability to the free software movement and results in less code being written; in practise, permissively licensed code gets more public contributions, including from commercial entities, even if companies can theoretically make something proprietary out of it (in practise, anyone inclined can just use the upstream and proprietary forks almost always die). Copyleft propaganda is fundamentally flawed. See: <https://unixsheikh.com/articles/the-problems-with-the-gpl.html> Anyway, I've been doing a combination of: * Seeking permission from other copyright holders, for re-licensing * Deleting, or moving, other contributions; for example, splitting certain contributions into separate files so that originally modified files become unencumbered. This latter solution is a result of *code cleanup* arising from the audit. For Ferass's contributions, I opted to seek *permission*, and permission was denied. In full compliance with this legal imperative, I'm acting accordingly; this commit removes all of Ferass's changes that converted lbmk to posix shell scripts, thus removing his copyright on the affected files, bypassing his authority entirely. Therefore, lbmk is largely now bash-dependent. In practise, nobody is going to use anything other than a GNU system to build Libreboot, because many projects that Libreboot makes use of rely heavily on GNU; for example, coreboot's build system makes heavy use of GNU-specific extensions in *GNU Make*, and likely contains many bashisms. Of course, Libreboot also compiles GNU GRUB. I would much rather have MIT-licensed Bash scripts than GPL-licensed posix SCL scripts. This reverts the changes from Ferass El Hafidi, for the following commits, with some exceptions: * 7f5dfebf7d37c56d9c7993aaa17c59070cb5aec9 * f787044642236917c9c4dbcaa48a6b0648097db0 Exception: download/mrc not reverted, because that was already a fork of an existing script under coreboot's build system, and their script was GPLv2. i cannot/will not re-license this file (ergo, 7f5dfebf7d37c56d9c7993aaa17c59070cb5aec9 change remains intact, on this file) resources/scripts/build/boot/roms_helper, these changes have been kept: * 7e6691e9 - Add ARMv7 and AArch64 support * dec2d720 - add myself in the build/roms_helper script (added 2021 copyright for the change below) * b7405656 - Workaround for grub's slow boot ^ these changes will be re-factored, splitting them out of the file into a new file. This will be done in a future lbmk revision. (in some cases, it makes sense to keep a change but split it, allowing the main file to be re-licensed without the change in it) This is part of a much larger series of licensing audits. It's likely that lbmk will be posix-compliant (in its shell scripts) again some day, because I'm planning to rewrite most of these scripts (the ones modified in this patch), and many of them (e.g. individual download scripts) are subject to future deletion in a planned overhaul of the download logic for third party projects. In addition: these changes are being kept (no attempt to re-license them will be made): * cff081c6 - Fix grub's slow boot (1 year, 5 months ago) <Vitali64> * 4c851889 - Add macbook*1 16mb configs (1 year, 6 months ago) <Vitali64> Ferass's work that remains will be split into dedicated files containing them, where feasible. In the case of grub.cfg (for GNU GRUB), I don't care because it's a script for an engine (GRUB shell) that's under GPL anyway, so who really cares about MIT license. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-24download/coreboot: fix error handling in subshellLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-24download/coreboot: don't needlessly re-downloadLeah Rowe
2023-05-21download/coreboot: remove unnecessary bloatLeah Rowe
it is not necessary to have help output similarly, listing all boards in this script is pointless. why not just run ls -1 on the directory?
2023-05-20build/clean/u-boot: remove unnecesssary checkLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/clean/u-boot: improved coding styleLeah Rowe
tabs for indentation simplify some checks
2023-05-20build/clean/ich9utils: don't use subshellLeah Rowe
this also fixes error handling Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/u-boot: top-down, split-function code styleLeah Rowe
main() on top top-down order of logic logic split into separate functions Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/payload/u-boot: 79 chars or less per lineLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/payload/u-boot: fix wrong attributionsLeah Rowe
only alper and ferass have ownership of this file, but ferass only submitted to it in 2022, not 2021 fix this i've removed myself from the file, for now i never touched this file before, so it's not right that my name be here put alper's name at the top, because alper was the person who created this file first Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/payload/grub: rename functions for clarityLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/payload/grub: remove unnecessary checkLeah Rowe
sed does the same job as cp, in this situation Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/payload/grub: split logic into functionsLeah Rowe
main() on top top-down logic Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/payload/grub: 79 chars or less per lineLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/release/roms: minor cleanupLeah Rowe
split actual purging of blobs to a function rename functions for clarity
2023-05-20build/release/roms: handle argument properlyLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/release/roms: remove superfluous commentsLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/release/roms: handle errors inside subshellLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/release/roms: split logic into functionsLeah Rowe
main() on top top-down logic 79 chars or less, per line Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-05-20build/release/roms: use tabs for indentationLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>