| Age | Commit message (Collapse) | Author |
|---|
|
There really isn't anything functionally different. However,
this means one less patch is needed in lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
NOTE: gfxterm_menu module removed, because of this
change by upstream:
commit ca2a91f43bf6e1df23a07c295534f871ddf2d401
Author: Glenn Washburn <development@efficientek.com>
Date: Mon May 5 16:11:36 2025 -0500
tests: Disable gfxterm_menu and cmdline_cat tests
This brings in the following changes from upstream:
* a68a7dece loader/i386/pc/linux: Fix resource leak
* de80acf36 loader/efi/linux: Unload previous Linux kernel/initrd before updating kernel size
* 249db11d8 loader/efi/linux: Correctly terminate load_options member
* f3b339af1 loader/efi/linux: Use sizeof() instead of constant
* c2b2e0dcf loader/efi/linux: Use proper type for len variable
* de4e8e2aa loader/efi/linux: Do not pass excessive size for source string
* 8c8f96664 loader/efi/linux: Remove useless assignment
* 8ebf155af include/grub/charset.h: Update documentation
* 2f2ed28d5 Revert "lzma: Make sure we don't dereference past array"
* 2539ede82 tests/util/grub-shell: Correct netboot and file_filter test failure
* 8c2d4e64f normal/charset: Fix underflow and overflow in loop init
* ba8eadde6 dl: Provide a fake grub_dl_set_persistent() and grub_dl_is_persistent() for the emu target
* 409e72ced util/grub-protect: Correct uninit "err" variable
* 5eca564b1 gnulib: Bring back the fix for resolving unused variable issue
* ac1512b87 gnulib: Add patch to allow GRUB w/GCC-15 compile
* db506b3b8 gnulib/regexec: Fix resource leak
* bba7dd736 gnulib/regcomp: Fix resource leak
* 91cb7ff6b tests/tpm2_key_protector_test: Add tests for SHA-384 PCR bank
* 451e227e5 tpm2_key_protector: Dump the PCR bank for key unsealing
* 11caacdb2 util/grub-protect: Fix the hash algorithm of PCR digest
* ce23919ca build: Add new header files to dist to allow building from tar
* e3b15bafd build: Remove extra_deps.lst from EXTRA_DIST
* 40e261b89 lib/LzmaEnc: Validate "len" before subtracting
* 86e8f2c4b osdep/unix/hostdisk: Fix signed integer overflow
* 438f05581 disk/luks2: Add attempting to decrypt message to align with luks and geli modules
* 20e6d0c4a osdep/linux/getroot: Detect DDF container similar to IMSM
* b71bc0f8b fs/fshelp: Avoid possible NULL pointer deference
* 272ff81cb fs/ntfs: Correct possible infinite loops/hangs
* 8c95307a0 fs/ntfs: Correct possible access violations
* 06914b614 fs/ntfs: Correct attribute vs attribute list validation
* 0e1762c8a fs/ntfs: Correct regression with run list calculation
* be303f8c1 lib/envblk: Ignore empty new lines while parsing env files
* 34bd00ee2 fs/zfs: Fix another memory leak in ZFS code
* ca2a91f43 tests: Disable gfxterm_menu and cmdline_cat tests
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This brings in the following changes:
* b686f460 sercon: Fix keycodes for F11 and F12
* b52ca86e docs: Note v1.17.0 release
* a6c8e8bb ahci: Fix hangs due to controller reset
The serial console fix is useful to us, as is the AHCI
fix; the latter was previously mitigated by removing
SeaBIOS's AHCI reset patch.
Upstream realised that the AHCI controllers need to have
a timeout on them when resetting them, because they don't
always react immediately to commands.
This makes the AHCI behaviour more correct, in SeaBIOS.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i did:
ifdtool -f layout.txt ifd.bin
changed layout.txt to say this:
00000000:00000fff fd
00019000:007fffff bios
00001000:00018fff me
00fff000:00000fff gbe
00fff000:00000fff pd
then i did:
ifdtool -n layout.txt ifd.bin -O ifd.bin
this was done to the ifd for hp 3500 pro, based on
the 96KB size of the truncated me.bin via me_cleaner,
when downloading vendor files in lbmk.
it's the policy of libreboot that me.bin should always
be shrunk, and the BIOS region enlarged.
in the original HP 3500 PRO patch submitted, the ME region
was larger, with region boundaries like this:
00000000:00000fff fd
00400000:007fffff bios
00001000:003fffff me
00fff000:00000fff gbe
00fff000:00000fff pd
In the above example, you see that the BIOS region is 4MB.
In the new setup, BIOS is about 7.9MB.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
coreboot already unlocks the regions during build, by default,
anyway, and this was present in the submitter's patch.
however, it's also good to unlock the IFD regions. like so:
ifdtool --unlock ifd.bin -O ifd.bin
this has been done, on the ifd for hp pro 3500
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
ifdtool --altmedisable 1 ifd.bin -O ifd.bin
always remember to do this, when adding a new
ifd to lbmk. i merged the 3500 port anyway, since
the submitted already used me_cleaner anyway, but
setting the HAP bit is also useful. for example, if
someone was to only flash the BIOS region, which is
possible in this case since the submitter also
didn't truncate the ME region or enlarge the BIOS
region.
in that case, flashing IFD and BIOS is another valid
way to do it, where IFD's HAP bit is set
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
We want graphics cards to work out of the box. This is
why SeaGRUB is default, on desktops; SeaBIOS also has
better code quality and is less likely to break, so it
provides a nice fallback in case the GRUB payload is ever
buggy during development (this decision was made ever
since the botched May 2024 release)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
JoelLinn/lbmk:feature-port-hppro3500 into master
Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/350
|
|
it means nothing here. in context, if a non-zero return
is observed, we should not do anything here, which is
already the behaviour anyway, except that "break" means
nothing since we're not in a loop here.
where an error exit should be observed, x_ is used inside
the command given for fx_
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Everything should work except cpu fan control because ME cleaning breaks PECI.
|
|
handle errors on sha512sum - also handle awk errors inside
the mini subshell, and provide overall error handling.
we know that the project.hash file should always exist, and
always be read no matter what; technically, the find command
that proceeds it might not yield any results, but an empty
file would then be produced.
the edge case of an empty file would have lead to an error
beforehand, when configuring the project in function,
configure_project(), so we've already got that covered.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
when reading old_pjhash, we need to error out where a read
error occurs. such an error is unlikely, but could occur under
certain edge cases.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Don't do no-op if it fails; fall back to "clean" instead,
and fail if that fails.
The no-op was there was not all projects have distclean,
but we do intend for them all to be cleaned.
We mitigate further error by only running make-clean if
a makefile exists.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i overlooked this one in the previous commit
there is always one.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not elf/UTIL/TREE
This way, they are automatically deleted when a tree
has to be re-built.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Don't copy the files directly, because we might be doing
this from a work directory that has no files; in this case,
generic "unknown" variables are used, without generating
any files, so the current logic would produce an error.
However, we do need to create those dot files, because
we then rely on them for building release binaries.
The new logic maintains current behaviour, while fixing
this technical edge-case scenario via mitigation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
shorten them
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
stick it in git_prep, which both single- and multi-tree
projects will use, when downloading git repositories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
The following execution will result in another printf
that says exactly what is being downloaded.
There is no need to inform the user twice about
what is being downloaded.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
A git-pull is performed immediately after git-fetch.
Git-pull already performs git-fetch as a prerequisite.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the checks at the end of the function are mostly
superfluous, because bad_checksum() is immediately
called just beforehand, and performs the same checks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the current behaviour is a relic from the older lbmk
design, before recent auditing.
the current logic would cause xbmk to continue execution,
going into a child process with .git/ being a symlink.
The .git/ directory should never be a symlink, because
it is extremely error-prone.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
We rely on a non-zero exit on other try_ commands, which
works fine there because we then check the file afterward
and error out accordingly.
For git repositories, we assume that both mirrors are
identical and therefore once we get to the first clone
attempt, we assume that it must succeed.
Therefore, if it does not succeed, we must fail. This fixes
a regression I found in testing, where sometimes a failed
patching attempt would not result in an error exit, and
would therefore result in broken sources being present.
In practise, I always very closely watch the terminal when
testing xbmk, especially when updating project patches, so
we probably didn't introduce any broken sources in practice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This code was introduced to provide fault tolerance,
so that if I forgot to manually update the configs
myself, builds would still succeed, e.g. coreboot
builds.
However, there have been cases in the past where this
introduces settings we don't want, and in general we
do want to know when there is an error in the configs.
The policy should always be: fail early, fail hard.
This also mitigates bugs in U-Boot's build system; for
example, when I last attempted to update the U-Boot
tree for x86, make-oldconfig introduced a lot of junk
settings unrelated, which then introduced code that
would brick the board if you tried it on one, e.g.
it broke booting most Linux kernels via bootflow.
With this change, U-Boot will be easier to handle,
which normally requires manual configuration; the
automated make-oldconfig reconfiguration feature
breaks U-Boot. This will no longer occur, since we
no longer run it manually.
On the other hand, this feature has also prevented
other disastrous bugs in the past, such as when I
forgot to properly set the SPD size on T480; it was
set to 256 bytes, not 512 as is correct. Therefore,
this new design change means I must also be more
vigilant about config changes in project trees.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it mainly does general tasks, like handling utils
and enabling ccache. the vfiles are a small part.
rename the function accordingly. it is called by
premake, so let's call it corebootpremake.
this change will also make sense when cherry-picked
into cbmk, which does not handle vfiles at all.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we simply do not need to run the make-oldconfig command
at all, and after removing it, the "cook" function seemed
quite redundant so i merged it with mkvendorfiles()
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
define it with a single variable, rather than several.
this allows several checks to be greatly simplified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
In practise, coreboot can set this bit at build time.
We also use ME Soft Temporary Disable by default, on
this platform.
We also use me_cleaner by default, so the me.bin file
added to flash only contains the code that would run
with HAP set anyway.
Therefore, this change is of little practical consequence,
but as a friend put it to me, this change is most technically
correct.
And I'm all about technical correctness.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Futility tests enlarge the src tarballs, without much utility.
Uttterly futile.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
We only need the Kabylake version. We can safely
remove the other ones, thereby significantly
reducing the size of the lbmk release archive.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Right now, if cache/clone/PROJECT/ already exists,
the logic for pulling new changes doesn't execute,
and neither does the logic for updating remotes.
This is bad when updating revisions, because then
manual updating is required, defeating the purpose
of xbmk's own automation in this regard.
Fix it by only checking the cached download on files,
not Git repositories; the try_git function itself will
already perform this check, before updating remotes
and pulling in new commits from upstream.
The updating only happens when a given target directory
doesn't exist, e.g. src/flashprog/ or src/grub/default/,
so this won't slow down release builds for example.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that way, when a remote changes in config/, it
will be updated automatically, without user
intervention.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Otherwise, an "unknown" version number is created.
This regression was caused by the recent optimisation
that reduces the amount of extra work done by init.sh
on child instances of xbmk.
As a result of those changes, now release.sh has to
do some minor initialisation of its own, such as this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
also pcsx-redux
this way, commands like "./mk -u" without argument
will not fail. these fake makefile commands do nothing.
otherwise, an error errors because their makefiles
do not define these options.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, ./mk -d (without arguments) will fail.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Otherwise, ./mk -d (without arguments) fails for GRUB,
which first requires running autoconf to get a Makefile.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This brings in several changes from upstream:
* 73d1c959e cryptocheck: Add --quiet option
* dbc0eb5bd disk/cryptodisk: Wipe the passphrase from memory
* 301b4ef25 disk/cryptodisk: Add the "erase secrets" function
* 23ec4535f docs: Document available crypto disks checks
* 10d778c4b commands/search: Add the diskfilter support
* 7a584fbde disk/diskfilter: Introduce the "cryptocheck" command
* ed691c0e0 commands/search: Introduce the --cryptodisk-only argument
* c448f511e kern/rescue_reader: Block the rescue mode until the CLI authentication
* 4abac0ad5 fs/xfs: Fix large extent counters incompat feature support
This commit is of particular interest:
* dbc0eb5bd disk/cryptodisk: Wipe the passphrase from memory
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit fb7aaa78bb080a473bdf0edf449bf08045e8366c.
it caused a few issues. will re-do later
the old code isn't really broken, just inefficient, because
several files are scanned twice, but in practise the overhead
isn't that great
The error occurs sometimes, when bruteforcing me.bin:
ERROR ./mk: Unhandled error for: mv /home/user/lbmk/tmp/me.bin /home/user/lbmk/cache/tmpdl/check
This revert should fix the issue, for now.
|
