summaryrefslogtreecommitdiff
path: root/config
AgeCommit message (Collapse)Author
8 daysBump GRUB revision to 6811f6f09 (26 November 2024)Leah Rowe
Although this is for a stable release revision, namely Libreboot 20241206 revision 8, I've carefully audited the upstream changes and they all seem fine. Several important bug fixes have been imported with this change. Most interestly, GRUB has also added support for TPM2 Key Protectors; we don't use this feature yet, and probably won't for the time being, since TPM is largely security threatre for our purposes anyway. There's no harm including all upstream revisions, up to those ones, since those modules are not yet added in lbmk. Most notably, there are several file system fixes, and minor fixes to the graphics terminal of GRUB. Minor fixes only, in terms of what Libreboot actually uses at present. The full list of imported changes are as follows, relative to the previous GRUB revision, which was b53ec06a1 from 17 June 2024: * 6811f6f09 tpm2_key_protector: Enable build for powerpc_ieee1275 * ff14b89bd ieee1275/tcg2: Add TCG2 driver for ieee1275 PowerPC firmware * 72092a864 ieee1275/tcg2: Refactor grub_ieee1275_tpm_init() * 8c0b5f200 ieee1275/ibmvpm: Move TPM initialization functions to own file * 7344b3c7c ieee1275: Consolidate repeated definitions of IEEE1275_IHANDLE_INVALID * 29d1bd2a9 term/ieee1275/serial: Cast 0 to proper type * 99ee68a01 tss2: Adjust bit fields for big endian targets * 3770a6905 docs: Document TPM2 key protector * f898440cc tests: Add tpm2_key_protector_test * 76a2bcb99 tpm2_key_protector: Add grub-emu support * 135e0bc88 diskfilter: Look up cryptodisk devices first * b35480b48 cryptodisk: Wipe out the cached keys from protectors * 6abf8af3c cryptodisk: Fallback to passphrase * fba3a474e tpm2_key_protector: Implement NV index * 550ada7d6 tpm2_key_protector: Support authorized policy * 5f6a2fd51 util/grub-protect: Add new tool * ad0c52784 cryptodisk: Support key protectors * 48e230c31 key_protector: Add TPM2 Key Protector * 35c9904df tss2: Add TPM2 Software Stack (TSS2) support * 63a78f4b4 tss2: Add TPM2 types and Marshal/Unmarshal functions * 2ad159d9b tss2: Add TPM2 buffer handling functions * 5d260302d key_protector: Add key protectors framework * 3d60732f9 libtasn1: Add the documentation * 99cda6788 asn1_test: Test module for libtasn1 * 504058e82 libtasn1: Compile into asn1 module * 8a0fedef2 asn1_test: Enable the testcase only when GRUB_LONG_MAX is larger than GRUB_INT_MAX * 66cf4cb14 asn1_test: Use the grub-specific functions and types * 0d0913fc6 asn1_test: Print the error messages with grub_printf() * 2e93a8e4b asn1_test: Remove "verbose" and the unnecessary printf() * b7568e335 asn1_test: Return either 0 or 1 to reflect the results * d60a04bae asn1_test: Rename the main functions to the test names * 54e0e19a2 asn1_test: Include asn1_test.h only * 0ad1d4ba8 libtasn1: Fix the potential buffer overrun * 4160ca983 libtasn1: Use grub_divmod64() for division * 8f56e5e5c libtasn1: Adjust the header paths in libtasn1.h * d86df91cb libtasn1: Replace strcat() with _asn1_str_cat() * 32fdfe600 libtasn1: Replace strcat() with strcpy() in _asn1_str_cat() * fa498af7b libtasn1: Disable code not needed in GRUB * 9a26abbc3 libtasn1: Import libtasn1-4.19.0 * c85c2b9f5 posix_wrap: Tweaks in preparation for libtasn1 * 4f6c46091 kern/fs: Honour file->read_hook() in grub_fs_blocklist_read() * 792132c72 docs: Fix incorrect and potentially confusing language and minor formatting * 1763d83f5 docs: Correct GRUB config file name for network boot * 097fd9d9a docs: Correct chainloader UEFI secure boot info * f48e6af11 docs: Correct PXE environment variables descriptions * dd743ba42 loader/multiboot: Do not add modules before successful download * 9a9082b50 grub-mkimage: Add SBAT metadata into ELF note for PowerPC targets * f97d4618a grub-mkimage: Create new ELF note for SBAT * f26b39860 commands/legacycfg: Avoid closing file twice * 337cb2486 nx: Rename GRUB_DL_ALIGN to DL_ALIGN * 31de991de kern/acpi: Fix out of bounds access in grub_acpi_xsdt_find_table() * f5bb766e6 nx: Set the NX compatible flag for the GRUB EFI images * 94649c026 nx: Set page permissions for loaded modules * 09ca66673 nx: Add memory attribute get/set API * 9fb80dd57 modules: Load module sections at page-aligned addresses * 6e2fe134e modules: Don't allocate space for non-allocable sections * 2b79d550f modules: Strip .llvm_addrsig sections and similar * 246c82cda modules: Make .module_license read-only * 616adeb80 i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global * 95a7bfef5 i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT * 1b1061409 i386/msr: Extract and improve MSR support detection code * 929fafdf5 i386/msr: Rename grub_msr_read() and grub_msr_write() * d96cfd7bf i386/msr: Merge rdmsr.h and wrmsr.h into msr.h * 86ec48882 commands/tpm: Skip loopback image measurement * 3808b1a9b net/drivers/efi/efinet: Skip virtual VLAN devices during card enumeration * e5f047be0 efi/console: Properly clear leftover artifacts from the screen * c5ae124e1 kern/riscv/efi/init: Use time register in grub_efi_get_time_ms() * 9c34d56c2 loader/efi/linux: Reset freed pointer * 92bed41bf loader/efi/linux: Reuse len variable * 33cb8aecd lib/x86_64/relocator_asm: Use .quad instead of .long * 77cd623de lib/x86_64/relocator_asm: Fix comment in code * 95145eea5 loader/efi/linux: Update comment * d333e8bb3 util/grub-mkimagexx: Explicitly move modules to __bss_start for MIPS targets * 34b7f3721 include/grub/offsets.h: Set mod_align to 4 on MIPS * ed0651673 gentpl: Put boot/mips/startup_raw.S into beginning of the image * 648f2d16c configure: Add -mno-gpopt option for mips and mipsel targets * f0710d2d8 lib/xzembed/xz_dec_bcj: Silence warning when no BCJ is available * e61157bbd fs/erofs: Replace 64-bit modulo with bitwise operations * 5313fa839 configure: Look for .otf fonts * 33b94f2a9 loader/efi/chainloader: Do not print device path of chainloaded file * ab1e6fc04 docs: Document all GRUB modules * 9537f4403 commands/bli: Fix crash in get_part_uuid() Signed-off-by: Leah Rowe <leah@libreboot.org>
8 dayst480/3050micro: force power off post power failureLeah Rowe
The T480 has no option table, because it lacks nvram, so the default option applies, which seems to be power on after power failure. This is undesirable on a laptop. It's triggered simply when your laptop battery runs out, and once triggered, it couldn't be configured at all. Hard-code this. The documentation will be updated later on after this patch is pushed, telling those users who want to change this behaviour how to modify/remove the patch, if they wish to to do so, because some people may actually want to run a server on the OptiPlex 3050 Micro (or if they're crazy like I am, they will host libreboot.org on a ThinkPad). Signed-off-by: Leah Rowe <leah@libreboot.org>
8 daysflashprog: Disable -WerrorLeah Rowe
We haven't seen any build errors, but it seems flashprog sets -Werror on CFLAGS. If you provide WARNERROR=no as a make argument, it avoids -Werror entirely. This is a preventative fix, for over-zealous compilers. Signed-off-by: Leah Rowe <leah@libreboot.org>
8 daysbump flashprog to revision eb2c041 (14 Nov 2024)Leah Rowe
This brings in several important bug fixes from upstream. With this, the following upstream changes have been imported: * eb2c041 cli_wp: Fix bail-out when multiple chips are detected * e05e334 cli_common: Rename local `optarg' variable * efad610 manibuilder: Include NetBSD (anita tags) in `native' target * 09289fb manibuilder: Replace unmaintained DEFAULT_TAGS list * 1457cc6 manibuilder: Stop build testing oldest, EOL targets * 1faffa5 manibuilder: Fix Ubuntu Noble Numbat (24.04) for amd64 * 61dbe36 udev rules: Use `uaccess' tag instead of `plugdev' group * 63d30a2 install: Install binary into bin/, not sbin/ * 6ce26a7 flashchips: add Winbond W25R512NW / W74M51NW * 612519b ichspi: Add Intel Arrow Lake support * d5a61ef ichspi: Add Intel Lunar Lake support * 5e0d9b0 ichspi: Add Intel Meteor Lake SoC * 0ef2eb8 ichspi: Add Intel Snow Ridge SoC * 42daab1 ichspi: Properly add Emmitsburg PCH * af26008 ich_descriptors_tool: Add missing options for EHL & C620 * 82fe123 ich_descriptors: Hard code number of masters for newer gens * 157b818 ich_descriptors: Guard MCH strap handling by chipset version * db878fb ich_descriptors: Drop chipset detection based on `freq_read` * b3cc2c6 ich_descriptors: Unify pretty printing of PCH100+ masters * 8e4151d chipset_enable: Remove hidden-spidev workaround for Elkhart Lake * 6d72efa chipset_enable: Remove hidden-spidev workaround for all 14nm PCHs * 092a699 chipset_enable: Remove hidden-spidev workaround for TGP+ * 5bbd324 chipset_enable: Add missing PCI ID for Intel PCH H410 * a088475 chipset_enable: Factor PCH100 hidden-spidev workaround out * 5eb7a58 Drop 1s delay before automatic verification * 7427569 libflashprog: Run programmer_shutdown() on failed setup * 5a9d6ea chipset_enable: Fix memory leaks introduced with AMD SPI100 * e149fbe Only try to check erase opcodes for SPI25 chips * 07ebc68 Avoid NULL deref in check_block_eraser() * 2405310 chipset_enable: Mark Intel QM87 as DEP * 9897063 flashchips: Allow volatile register writes for W25Q128.V * c972aed flashchips: Configure WP for MX25L25635F/45G * 8f7122c cli: Add new write-protect CLI * eed122d layout: Implement flashprog_layout_get_region_range() * 1f693db cli: Add new `config' CLI for status/config registers * 85c2cf8 cli: Implement "command" option parser * 24c0977 cli: Add print function for generic CLI options * b82aadc cli: Move some declarations into `cli.h` * a705043 cli: Add a new CLI wrapper * d39c7d6 cli: Extract basic CLI init into cli_common * df6ce9f cli: Extract log argument parsing into cli_common * 0da839b cli: Extract layout argument processing * d91822a cli: Extract layout argument parsing into cli_common * e7899a9 cli: Move all long-option keys into cli.h * 34e783a cli: Extract flash argument parsing into cli_common * e68b08b cli_classic: Rewrite programmer argument parsing * 6898f5b spi25_statusreg: Prefer volatile status register writes * 55e7884 Introduce FLASHPROG_FLAG_NON_VOLATILE_WRSR * fbba454 Install udev rules * 768cfc4 flashchips: Add GigaDevice GD25LR512ME Signed-off-by: Leah Rowe <leah@libreboot.org>
8 daysreplace liblz4-tool with lz4 and liblz4-devLeah Rowe
In Debian dependencies files. These are available in Debian Stable, but liblz4-tool is a transitional package referring to lz4; liblz4-tool transition package is unavailable in Debian sid, so remove it from the dependencies files. Signed-off-by: Leah Rowe <leah@libreboot.org>
8 dayslib.sh dependencies: support --reinstall argumentLeah Rowe
./mk dependencies debian --reinstall Add --reinstall and it'll do: apt-get install --reinstall This can be useful when updating from a stable release to a testing release. The variable, "reinstall" can be configured for other distros, but it's currently only configured for Debian-based distros. Also, it can be anything. For example, you could add -y; however, a 4th argument will not be accepted. For example, you cannot do: ./mk dependencies debian --reinstall -y If you do this, it'll only see --reinstall; similarly, if you did this command: ./mk dependencies debian -y --reinstall then -y would be passed, but not --reinstall. This is an intentional design decision, in case you accidentally pasted or subshelled something that outputted something undesirable, to prevent possible abuse. Signed-off-by: Leah Rowe <leah@libreboot.org>
8 daysFix U-Boot build issue with Swig 4.3.0Leah Rowe
Tested on Debian Sid, as of 30 December 2024, which uses Swig 4.3.0. Context here: commit a63456b9191fae2fe49f4b121e025792022e3950 Author: Markus Volk <f_l_k@t-online.de> Date: Wed Oct 30 06:07:16 2024 +0100 scripts/dtc/pylibfdt/libfdt.i_shipped: Use SWIG_AppendOutput This patch from U-Boot upstream has been backported to the release revision used by Libreboot. Swig has, since 4.3.0, changed the language-specific AppendOutput functions, but the helper macro SWIG_AppendOutput is identical; therefore, upstream switched to this function. The benefit of this fix is that since the newly used macro is also the same on older Swig versions, and behaves the same, this shouldn't fix building on older Swig versions. For reference, the initial Libreboot 20241206 release, and revisions of it before revision 8, was built on Debian 12 which uses Swig 4.1.0. The rev8 release will still be compiled on Debian 12, but with this change, it should also compile on Debian Sid, and bleeding edge distros like Arch Linux. Signed-off-by: Leah Rowe <leah@libreboot.org>
9 daysremove auto-confirm on distro dependenciesLeah Rowe
because if it says yes to everything, and the package manager would otherwise ask whether you want to give it your first born son, you are therefore agreeing to it. so remove -y for safety Signed-off-by: Leah Rowe <leah@libreboot.org>
10 dayst480/3050micro: disable hyperthreadingLeah Rowe
Hyperthreading is a risk factor for spectre/meltdown and other attacks. Disabling it is a best practise. Those who need it can always turn this option back on. Otherwise, disabling it by default is a simply courtesy to the average user, in the interest of security. Signed-off-by: Leah Rowe <leah@libreboot.org>
10 dayst480/t480s: Disable TPM2 to mitigate SeaBIOS lagLeah Rowe
SeaBIOS was lagging a lot, on startup and when executing almost any payload, especially when doing anything in the ESC menu. I set the debug level to *21*, and thoroughly analysed the logs. I found entries such as this: Checking for bootsplash WARNING - Timeout at wait_reg8:81! TCGBIOS: Return value from sending TPM2_CC_StirRandom = 0x00000000 WARNING - Timeout at wait_reg8:81! TCGBIOS: Return value from sending TPM2_CC_GetRandom = 0x00000000 WARNING - Timeout at wait_reg8:81! TCGBIOS: Return value from sending TPM2_CC_HierarchyChangeAuth = 0x00000000 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc16e WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc1c5 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc211 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc25d WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc2a9 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc2f5 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc341 WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc38d WARNING - Timeout at wait_reg8:81! TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc3d9 Searching bootorder for: HALT Mapping hd drive 0x000f49e0 to 0 I'm not quite certain what the problem is, but disabling TPM2 made the problem go away; SeaBIOS is snappy again. TPM is security threatre anyway. Signed-off-by: Leah Rowe <leah@libreboot.org>
11 daysrom.sh: Name pico directory serprog_picoLeah Rowe
Previously serprog_rp2040, but we now also support the RP2530 boards. Therefore, serprog_pico is a nice generic name. The directory on release archives will now be serprog_pico instead of serprog_rp2040; it will contain serprog images for both RP2040 and RP2530 devices. Signed-off-by: Leah Rowe <leah@libreboot.org>
11 dayspico-sdk: update to 2.1.0Riku Viitanen
this brings support for a new microcontroller platform rp2530. total number of pico boards supported now: 97 TEST: built them all Tested-by: Riku Viitanen <riku.viitanen@protonmail.com> Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
12 daysadd spdx headers to dependencies configsLeah Rowe
these used to be separate scripts under gpl 3+, so it makes sense to clarify the licensing situation Signed-off-by: Leah Rowe <leah@libreboot.org>
12 daysdependencies/debian: fix debian sidLeah Rowe
change python3-distutils to python3-distutils-extra the latter is still available in debian sid, but not the former. however, installing this should still provide the additional files required. with this, the debian script is now compatible with both debian sid and debian stable(bookworm, presently). Signed-off-by: Leah Rowe <leah@libreboot.org>
12 daysadd spdx headers to various config filesLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
12 daysvendor.sh: Handle FSP insertion post-releaseLeah Rowe
The Libreboot 20241206 release provided FSP pre-assembled and inserted into the ROM images; the only file inserted by vendor.sh was the Intel ME. Direct distribution of an unmodified FSP image is permitted by Intel, provided that the license notice is given among other requirements. Due to how coreboot works, it must split up the FSP into subcomponents, and adjust certain pointers within the -M component (for raminit). Such build-time modifications are perfectly fine in a coreboot context, where it is expected that you are building from source. The end result is simply what you use. In a distribution such as Libreboot, where we provide pre-built images, this becomes problematic. It's a technicality of the license, and it seems that Intel themselves probably intended for Libreboot to use the FSP this way anyway, since it is they who seem to be the author of SplitFspBin.py, which is the utility that coreboot uses for splitting up the FSP image. Due to the technicality of the licensing, the FSP shall now be scrubbed from releases, and re-inserted. Coreboot was inserting the -S component with LZ4 compression, which is bad news for ./mk inject beacuse the act of compression is currently not reproducible. Therefore, coreboot has been modified not to compress this section, and the inject command doesn't compress it either. This means that the S file is using about 180KB in flash, instead of about 140KB. This is totally OK. The _fsp targets are retained, but set to release=n, because these targets *still* don't scrub fsp.bin; if released, they would include fsp files, so they've been set to release=n. These can be used on older Libreboot release archives, for compatibility. The new ROM images released for the affected machines are: t480_vfsp_16mb t480s_vfsp_16mb dell3050micro_vfsp_16mb Note the use of _vfsp instead of _fsp. These images are released, unlike _fsp, and they lack fspm/fsps in the image. FSP S/M must be inserted using ./mk inject. This has been tested and confirmed to boot just fine. The 20241206 images will be re-compiled and re-uploaded with this and other recent changes, to make Libreboot 20241206 rev8. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-24data/deguard: Remove unused patchLeah Rowe
The appdir.patch file was used on the older deguard version, prior to Mate Kukri's rewrite. This patch is no longer required, and no longer used, so it can be removed safely from lbmk. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-22remove geteltorito and mtools from lbmkLeah Rowe
we needed these for extracting intel vga roms from lenovoo updates, for t480, very briefly. about an hour after i pushed that patch, mate kukri fixed libgfxinit and then i removed the vgarom integration because it wasn't needed anymore. however, i forgot to remove geteltorito/mtools from dependencies. some distros like fedora were problematic about it. the best thing about bugs is when you don't have to fix them. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-18rom.sh: support grub-first setupsLeah Rowe
in this setup, seabios is never the default payload, grub is, but only if grub is enabled. set this in target.cfg: payload_grubsea="y" if payload_grub isn't enabled, this is auto-set to n ditto if initmode=normal NOTE: if flashing libgfx setups, you should make sure that you're not booting with a graphics card, only intel graphics. this setting will intentionally not be documented, because it's not recommended, but is being implemented for testing purposes (and i implemented it for some guy who i think is cool). i'll probably also use this myself, since i already do grub-only setups on all my own machines. seagrub is the default on x86 because of past instabilities with grub. to mitigate in case of future issues, since seabios is always stable, we reduce the chance of bricks. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-18vendor.sh: make TBFW pad size configurableLeah Rowe
we encountered 1MB flash so far, but we may encounter other sizes on other machines when added to libreboot later on Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-18T480/T480S: Support fetching ThunderBolt firmwareLeah Rowe
Though not used in coreboot builds, and not injected into the builds in any way, these files are now created seperately when handling T480/T480s vendor files: vendorfiles/t480/tb.bin vendorfiles/t480s/tb.bin These are created by extracting Lenovo's ThunderBolt firmware from update files. The updated firmware fixes a bug; older firmware enabled debug commands that wrote logs to the TB controller's own flash IC, and it'd get full up with logs, bricking the controller. If you've already been screwed by this, you must flash externally, using a padded firmware from Lenovo's updates. Lenovo's own updater requires creating a boot CD or booting Windows. This patch in lbmk auto-downloads just the firmware, and you can flash it externally. You could simply do this as a matter of course, when installing Libreboot. You are recommended to update the Lenovo UEFI/EC firmwares first, before installing Libreboot; please look at the Libreboot documentation to know exactly which versions. Then dump the ThunderBolt firmware first, to be sure, and then you can flash these files. Flashing these updates will prevent the bug described here: https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t480-type-20l5-20l6/20l5/solutions/ht508988 You can download Lenovo's installers for various ThinkPad models there, including T480s/T480s. It is these downloads that this lbmk patch uses, to extract those files directly. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-17also de-rainbow the u-boot menu20241206rev6Leah Rowe
boring is good Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-17Revert "use rainbow deer on the grub background"20241206rev5Leah Rowe
libreboot has a lot of users worldwide, some of whom live in countries that punish being gay; if they look at libreboot or boot it and it has the pride colours on it, it could actually get them in trouble. this fact occured to me, and i've decided therefore to revert back to the boring plain logo. though, perhaps we could actually properly design a new logo? a new, modern logo, and a nicer website. we'll see! This reverts commit 401efb24b2213454732e769531f660605771e538.
2024-12-17use rainbow deer on the grub backgroundLeah Rowe
same as on u-boot recently Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-11disable 3050micro nvme hotplug20241206rev3Leah Rowe
see patch for rationale. this should prevent instability caused when the nvme randomly replugs under linux. sometimes e.g. nvme0n1 becomes nvme0n2 while the system is running. in my case, that caused my raid1 to become unsynced every few days. this issue was fixed on t480 by disabling pcie hotplug for its nvme device, so the same fix has been applied for dell optiplex 3050 micro. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-10fix t480 spd size (512, not 256)Leah Rowe
this was done with the following command: ./mk -u coreboot t480s_fsp_16mb t480_fsp_16mb it was set to 256 but should be 512. the SPD is what contains configuration data for raminit, which training code uses so that the timings will be correct. if the SPD size is wrong, the machine won't boot in practise, lbmk always runs "make oldconfig" on a coreboot config, before building it, so this was already being corrected automatically at build time. however, if that fact ever changes in the future, this wrong configuration would cause the machines not to boot. therefore, this can be considered a preventative or perhaps pre-emptive bug fix. this fix does not need to be applied to the 20241206 release, because of the behaviour described above. the final ROM images do have the spd size set correctly to 512, because of this design feature in lbmk. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-06Libreboot 20241206 releaseLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-05Libreboot 20241205 release20241205Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-05Revert "Revert "disable u-boot on thinkpad t480""Leah Rowe
Nope! Bootflow menu is cursed on this machine. Too many issues in U-Boot on this machine. I did however boot a Debian installer after it booted, using bootflow. The installed system wouldn't boot with bootflow, but I could then boot it with "bootefi bootmgr". I'll rig up a uart on the T480 when I get round to it and start investigating U-Boot bugs on this board. I don't want people flashing something that doesn't work. GRUB and SeaBIOS work, so ship those, and don't ship U-Boot. This reverts commit 19ec440a6f79dcbb089715fef814808a0fd40ae0.
2024-12-05Revert "disable u-boot on thinkpad t480"Leah Rowe
u-boot does work after a few reboots. it just boot loops. let it run. it should be able to boot from nvme. sata still needs some work (sata only works in grub, on this machine) This reverts commit cd9baca5d664d392316d94ccaa7deb209d4e1828. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-05add patch from mkukri fixing t480 sataLeah Rowe
nvme worked but not sata. with this, t480 users with sata ssds should be able to boot linux nicely Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-05disable u-boot on thinkpad t480Leah Rowe
it just bootloops and doesn't seem reliable at the moment Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-04remove the purple patch on arm64 u-bootLeah Rowe
it's green there. different colour scheme apparently. still works on x86. alper said his kevin chromebook was green! Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-04Merge pull request 'u-boot: Use bootflow menu by default for ARM64 boards' ↵Leah Rowe
(#254) from alpernebbi/lbmk:u-boot-arm64-bootflow-menu into master Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/254
2024-12-04i made u-boot purpleLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-04u-boot: Use bootflow menu by default for ARM64 boardsAlper Nebi Yasak
The bootflow menu is already the default boot command on x86. Switch arm64 boards to that as well, so instead of booting the first thing we find, we can easily choose what to boot. Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2024-12-04Add bootflow/branding patches to arm64 U-Boot tooLeah Rowe
U-Boot on ARM64 also enables the bootflow menu. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-04Add libreboot branding/version to U-Boot bootflowLeah Rowe
Show it in the bootflow menu Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-04Add auto-boot timeout for U-Boot's bootflow menuLeah Rowe
Otherwise, you have to press enter to boot your distro. With this, a timeout is created. After a number of seconds, which can be reconfigured, the first option selected will be booted, when generating a bootflow menu. The timeout is disabled when you navigate the menu; it only kicks in if you don't input anything on the keyboard. More information about how this works is in the U-Boot patches, within this patch. I've set the timeout to 8 seconds. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-038-sec auto-boot timeout for U-Boot's bootflow menuLeah Rowe
Otherwise, you have to press enter to boot, which is unacceptable for headless operation. Pressing anything other than enter an an option, such as the arrow keys, will disable the timeout. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-03fix board name for coreboot/dell7010sffLeah Rowe
i'd copied the t1650 config and reselected the board lazily. this fixes the issue: https://codeberg.org/libreboot/lbmk/issues/242 Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-02Revert "trees: Allow using a custom clean command"Leah Rowe
This reverts commit 5b4c9158e5a79f8d7e776c8c4ece69dda5aa8690.
2024-12-02trees: Allow using a custom clean commandLeah Rowe
On coreboot for example, as Mate has told me, if you're making Kconfig changes and re-compiling, sometimes the actual image that you build might still have the old one in it, due to how coreboot's build system works. To mitigate this, you can just always run distclean before doing the build, but lbmk was doing just clean. In practise, we did not find any issues, but this change should be harmless, and might prevent such issues in the future. It's even possible that we might have already encountered this before and not realised, and we were just lucky that no noticeable issues were caused. It's *also* possible that the reverse is true: an issue that was previously covered up, then that issue will now be exposed. However, if that turns out to be true, then that is good because we are exposing said bugs and then we will know to fix them! Anyway, the variable in target.cfg is: cleancmd="whatever_you_want" e.g. cleancmd="distclean" You may also specify this in global mkhelper.cfg files, per project; I've already done this for SeaBIOS, coreboot and U-Boot, since all of these use Kconfig files. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-02Add SPD support for onboard ThinkPad T480S RAMLeah Rowe
Patchset 20 from: https://review.coreboot.org/c/coreboot/+/83274/18..20 Updated to that. A bunch of changes I made locally have been copied here, thus removed from lbmk. The previous setup in lbmk was to have only the DIMM slot work, on the ThinkPad T480S, without setting up SPD for the onboard RAM> Mate Kukri reverse engineered the scheme by which the SPDs are chosen at boot, based on the wiring of the board. This should just about match the way Lenovo did it in their firmware. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-02Disable m2 caddy hotplug on T480SLeah Rowe
This fixes an error where nvme disappears and gets renamed on s3 resume. Mate Kukri told me to test that and it worked. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-02vendor.sh: Remove T480 VGA ROM download handlingLeah Rowe
Libreboot's binary blob reduction policy is crystal clear: If a blob can be avoided, it must be avoided. The ThinkPad T480 was using Intel's VGA ROM for graphics initialisation very briefly, before Mate fixed libgfxinit. Since libgfxinit is fixed, the Intel VGA ROM is obsolete, so we should not be handling this at all. Similarly, the Nvidia ROM handling has been removed, because Mate is hard-disabling that in the coreboot code anyway, since the Nvidia dGPU didn't work when tested anyway. Even if it did, Libreboot's blob policy makes it clear that Intel graphics with native init from coreboot is to be the preferred option. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-02Enable legacy 8254 timer on ThinkPad T480Leah Rowe
I also enabled this on T480S, because otherwise SeaBIOS hung. Enabling it shouldn't cause any harm on the T480, though Mate did say that his machine seemed to work with my setup. However, I believe that was when I gave him the ones that lbmk built with the VGA ROM. Now it builds with libgfxinit, because Mate was able to fix libgfxinit on this machine. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-02libgfxinit on Thinkpad T480Leah Rowe
was previously using the VGA ROM. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-02NEW MAINBOARD: ThinkPad T480SLeah Rowe
Added t480s delta to deguard, for MFS config. Updated coreboot/next to latest t480 patch set, which includes t480s. This porting was done by Mate Kukri. also includes experimental t480s support Also added a data.vbt file (not in the gerrit patch) for the T480s. I had to turn on 8254 legacy timer on t480s, otherwise SeaBIOS would hang. Same issue I saw on OptiPlex 3050 Micro. Minor issue: On S3 resume, nvme0n1 for example got renamed to nvme0n2. This caused a crash if running Linux from the nvme. I confirmed this via live USB distro. So this port will need some tweaking before it can be considered stable. Also uses libgfxinit, which Mate recently fixed. I'm going to enable libgfxinit on regular T480 next. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-01NEW MAINBOARD: ThinkPad T480Leah Rowe
This uses the excellent deguard utility, written by the excellent Mate Kukri. A few bugs but it mostly works. Documentation to come shortly, in lbwww.git. Signed-off-by: Leah Rowe <leah@libreboot.org>