summaryrefslogtreecommitdiff
path: root/include/vendor.sh
AgeCommit message (Collapse)Author
8 daysvendor.sh: make TBFW pad size configurableLeah Rowe
we encountered 1MB flash so far, but we may encounter other sizes on other machines when added to libreboot later on Signed-off-by: Leah Rowe <leah@libreboot.org>
8 daysT480/T480S: Support fetching ThunderBolt firmwareLeah Rowe
Though not used in coreboot builds, and not injected into the builds in any way, these files are now created seperately when handling T480/T480s vendor files: vendorfiles/t480/tb.bin vendorfiles/t480s/tb.bin These are created by extracting Lenovo's ThunderBolt firmware from update files. The updated firmware fixes a bug; older firmware enabled debug commands that wrote logs to the TB controller's own flash IC, and it'd get full up with logs, bricking the controller. If you've already been screwed by this, you must flash externally, using a padded firmware from Lenovo's updates. Lenovo's own updater requires creating a boot CD or booting Windows. This patch in lbmk auto-downloads just the firmware, and you can flash it externally. You could simply do this as a matter of course, when installing Libreboot. You are recommended to update the Lenovo UEFI/EC firmwares first, before installing Libreboot; please look at the Libreboot documentation to know exactly which versions. Then dump the ThunderBolt firmware first, to be sure, and then you can flash these files. Flashing these updates will prevent the bug described here: https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t480-type-20l5-20l6/20l5/solutions/ht508988 You can download Lenovo's installers for various ThinkPad models there, including T480s/T480s. It is these downloads that this lbmk patch uses, to extract those files directly. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-06Revert "vendor.sh: avoid unnecessary directory copy"20241206Leah Rowe
Nope. It was correct before. fml This reverts commit 2d96fe2a1d13486d3ea6577beedcf3b2babf6cab.
2024-12-06vendor.sh: avoid unnecessary directory copyLeah Rowe
the previous commit changed an mv to a cp. what it hacked was actually a relic of the vgarom download patch that i did for t480, before mate got native video init working. this patch is the better fix. i double checked to be sure, and nothing was using the files at the copied location. the _extracted directory under cache gets deleted later on, so it's perfectly acceptable to keep. the other alternative would have been to simply change the path in the sch5545 function to appdir, instead of the cache dir, but who really cares? this patch removes bloat from lbmk. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-06vendor.sh: fix minor release bugLeah Rowe
I should have copied the extract directory, in cases where it appears as filename_extracted/ under cache/, but I was moving it instead. Both locations (cache/file/*_extracted/ and vendorfiles/appdir/) get deleted, on every run of the vendor script, per target, so this is OK. The only sin is additional use of disk space, for archives that are mostly very small and get immediately deleted anyway. This one lbmk bug, minor though it may be, prevented the Libreboot 20241205 release, which (since it's now the 6th of December) will become Libreboot 20241206 instead - and that gives me time to contemplate whether I want to do one more change that I had planned for the 5th! Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-02vendor.sh: Remove T480 VGA ROM download handlingLeah Rowe
Libreboot's binary blob reduction policy is crystal clear: If a blob can be avoided, it must be avoided. The ThinkPad T480 was using Intel's VGA ROM for graphics initialisation very briefly, before Mate fixed libgfxinit. Since libgfxinit is fixed, the Intel VGA ROM is obsolete, so we should not be handling this at all. Similarly, the Nvidia ROM handling has been removed, because Mate is hard-disabling that in the coreboot code anyway, since the Nvidia dGPU didn't work when tested anyway. Even if it did, Libreboot's blob policy makes it clear that Intel graphics with native init from coreboot is to be the preferred option. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-01NEW MAINBOARD: ThinkPad T480Leah Rowe
This uses the excellent deguard utility, written by the excellent Mate Kukri. A few bugs but it mostly works. Documentation to come shortly, in lbwww.git. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-01vendor.sh: Use the new deguard for 3050microLeah Rowe
I'm adding ThinkPad T480 support next, which requires the new revision of deguard. Mate Kukri changed the way deguard is used, in a rewrite of the project, so lbmk has to change too. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-10-16vendor.sh: Don't use x_ for image MAC address modLeah Rowe
The path might contain spaces and such, which breaks when using the x_ prefix. Call err instead. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-10-14vendor.sh: Handle error status on RUNME.shLeah Rowe
The deguard utility is executed within a subshell, and the subshell does not handle error status. This patch fixes that, so that the main shell also exits non-zero. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-10-05Add config for Dell OptiPlex 3050 MicroLeah Rowe
This is using Mate Kukri's port, which was added in previous lbmk revisions. I've added an IFD that sets the HAP bit, and unlocks regions as standard. vcfg is set to 3050micro, which defines downloading of the MEv11 image and it will run deguard automatically. I made a small adjustment to vendor.sh, because the hotpatch logic for deguard uses -C in git, and when doing that, the specified directory path is relative to that Git repository; the .patch path has been adjusted accordingly. Also add 3rdparty/fsp to coreboot/default modules. This board requires the ifdtool option: -p sklkbl The -p option tells flashrom what quirks are present in a given IFD. We don't normally need this on other Libreboot targets that we currently support. The -p option was needed for creating this modified IFD, and it is therefore needed in the inject script. Therefore, an "IFD_platform" option is specified in a given board's target.cfg file. If this is set, another variable is set that makes -p be used. In this case, 3050's target.cfg says: IFD_platform="sklkbl" This option enables quirks for skylake/kabylake descriptors, as required when using ifdtool. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-09-24Add deguard logic for Dell OptiPlex 3050 MicroLeah Rowe
Copy the downloaded deguard source code into appdir, and patch it to run as part of lbmk, instead of standalone. The archived one in src/ is not directly used; instead, the hotpatched version is used. This is because the standalone version already has download logic for the .zip file, but we already cache that file in cache/ and use that. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-09-05Revert "vendor.sh: print extract errors to /dev/null"Leah Rowe
This reverts commit 72fa467cb79f7c42d61434e9ff2491e235ee37f5.
2024-08-31vendor.sh: print extract errors to /dev/nullLeah Rowe
the output isn't really super critical, because it pertains to files that would just result in a coreboot build error if they didn't extract, which would still allow me to know if a given extract function failed. however, the extract function shows a lot of error output because it literally bruteforces various extract methods, when dealing with vendor files. mitigate this by just printing the errors to /dev/null. this will prevent users from erroneously thinking that lbmk is operating under error condition, when it isn't. we do sometimes get questions about it on irc. fewer questions on irc is better. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-08-11vendor.sh: use readkconfig on inject tooLeah Rowe
same as the last change. we must avoid use of make variables, in sh specifically, when handling these configuration files. Signed-off-by: Leah Rowe <info@minifree.org>
2024-08-11vendor.sh: don't load entire coreboot configsLeah Rowe
instead, only grep for the entries required, such as Intel ME paths. some variables in coreboot configs use $(), which is used in *make*, on the coreboot build system, and there refers to variables. here, we are sourcing them from sh, which treats this as a mini subshell to run a command; for example CONFIG_FOO would be executed, which is bad. The current logic still theoretically has this problem, with this patch, but the entries we scan from the configs do not currently have variable names in the strings. So: filter out just what we need, into a temporary config, when scanning for vendor files in coreboot configs, and use the temporary config. This fixes a build error when compiling for e5520_6mb. Signed-off-by: Leah Rowe <info@minifree.org>
2024-07-28lib.sh: new function mk() to handle trees in bulkLeah Rowe
single-tree projects cannot be handled in bulk, e.g. ./mk -f project1 project2 project3 that is still the case, from the shell, but internally it is now possible: mk -f project1 project2 project3 mk() is a function that simply handles the given flag, and all projects specified. it does not handle cases without argument, for example you cannot do: mk -f arguments must be provided. it can be used internally, to simplify cases where multiple single-tree projects must be handled, but *also* allows multi-tree projects to be specified, without being able to actually handle trees within that multi-tree project; so for example, you can only specify coreboot, and then it would run on every coreboot tree. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-07-26general code cleanup in the build systemLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-07-19vendor.sh: don't use XBMK_CACHE for appdiraudit6Leah Rowe
the me_extract function prefixes it with PWD in some cases, but we can't predict where appdir will point to. the "app" directory is not intended to be a cache anyway, so it doesn't make sense to put it in the cache directory. it's essentially scratch memory. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-07-19put cachedir in environmental variableLeah Rowe
XBMK_CACHE is now used, instead of hardcoding cache/ this is exported initialised to cache/, if unset. this means you can set your own directory, and it means ./update release will use the same directory. this means bandwidth wastage is further avoided. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-07-17allow using coreboot's build system to add payloadLeah Rowe
lbmk must still define payloads, but specific configs may use coreboot's build system instead. you might use this to add your own config with, say, tianocore payload, using coreboot.git to build it, rather than using lbmk's choice of payloads. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-07-17unified cache file handling for vendorfile/subfileLeah Rowe
lib.sh download() is used by subfile handling in git.sh, e.g. crossgcc tarballs, and also the vendor scripts. vendor files are cached, but not subfiles for repos. cache both, under cache/file/, saved with the name equal to the checksum, so: cache/file/CHECKSUM also move vendorfiles/app/ to cache/app/ in this change. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-07-10remove executable permission on include/Leah Rowe
files under include/ should never be executed directly Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-07-09trees: support -d (dry run) for custom build logicLeah Rowe
-d does the same as -b, except for actually building anything! in effect, it does the same as -f (fetch) except that the resulting variable assignments will not be recursive (as with -f). if -d is passed, configuration is still loaded, defconfig files are still cycled through, and more importantly: helper functions are still processed. the grub, serprog and coreboot helper functions have been modified to return early (zero status) if -d is passed. this behaviour will be used to integrate vendor.sh logic in with the trees script, for cases where the user wants to only handle vendor files. e.g.: ./update trees -b coreboot x230_12mb this would download the files as usual, build coreboot, with those files, and then build the payloads. but: ./update trees -d coreboot x230_12mb this would download the files, NOT build coreboot, and NOT build the payloads. this change increases the sloccount a bit, but i'm relying on the fact that the vendor.sh script already re-implements config handling wastefully; the plan is to only use trees. for now, simply stub the same ./vendor download command. there is one additional benefit to doing it this way: this method is *per-kconfig* rather than per-target. this way, one kconfig might specify a given vendor file that is not specified in the other. although the stub still simply handles this per target, it's done in premake, which means that the given .config file has been copied. this means that when i properly re-integrate the logic into script/trees, i'll be able to go for it per-kconfig. the utils command has been removed, e.g. ./update trees -b coreboot utils default the equivalent is now: ./update trees -d coreboot default this would technically download vendor files, but here we are specifying a target for which no kconfigs exist; a check is also in place, to avoid running the vendor file download logic if tree==target the overall effect of this change is that the trees script no longer contains any project-specific logic, except for the crossgcc build logic. it does include some config/data mkhelper files at the top, for serprog and coreboot, so that those variables defined in those files can be global, but another solution to mitigate that will also be implemented in a future commit. the purpose of this and other revisions (in the final push to complete lbmk audit 6 / cbmk audit 2) is to generalise as much logic as possible, removing various ugly hacks. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-07-07rom.sh: new file, to replace script/romsLeah Rowe
stub it from the trees script. the way it works now, there is less code in the build system. ./build roms this is no longer a thing ./build roms serprog this is also no longer a thing. instead, do: ./update trees -b coreboot targetnamehere ./update trees -b pico-serprog ./update trees -b stm32-vserprog the old commands still works, which causes the new commands to run coreboot roms now appear in elf/, not bin/, as before, but those images now contain payloads. NOTE: to contradict the above: ./build roms is no longer a thing, in that it's now deprecated, but backward compatibility is present for now. it will be removed in a future release. ./build roms list also still works! it will do: ./update trees -b coreboot list also: ./update trees -b grub list this is now possible too if a target "list" is provided, for multi-tree sources, the targets are shown. there is another difference: seagrub roms are now seagrub_, instead of seabios_withgrub. seabios-only roms are no longer provided, where grub is also enabled; only seagrub is used. the user can easily remove the bootorder file, if they want seabios to not try grub first. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-30vendor.sh: remove mkdirs()Leah Rowe
merge it into the only calling function Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh readcfg: split the -b coreboot commandLeah Rowe
just add a line break to make the code more readable Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: remove unnecessary checkLeah Rowe
the next command is a copy, which would give us the error if the file doesn't exist, and an appropriate message Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: condense inject() a bitLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh extract_kbc1126: use quote on file checkLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh extract_kbc1126ec: simplify build checkLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: simplify e6400 vga rom file checkLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: simplify variable checks for e6400vgaLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: condense fetch() a bit moreLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: remove unnecessary checkLeah Rowe
this is over-engineering, because we do not allow just about any path to be provided; it's not provided as an argument in a command, for example. this is dictated by a configuration file, which we control. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: simplify kbc1126 util handlingLeah Rowe
we don't need to check whether the binary exists, because make already does that for us. we still need to check that the directory exists, because older versions of coreboot did not include kbc1126, and we do still use older coreboot revisions on some boards. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: simplify bootstrap() utils handlingLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: simplified initialisation of _7ztestLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: condense detect_board() a bitLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: condense patch_rom() a bitLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: add return to end of bootstrap()Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: rename getcfg() to readkconfig()Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: merge cfgutils() into readcfg()Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: remove build_dependencies_inject()Leah Rowe
merge it into vendor_inject() Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: simplify initialisation of variablesLeah Rowe
also unify handling of cbutils Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh inject: skip serprog targetsLeah Rowe
this is to prevent a fault condition during automated testing Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29vendor.sh: don't inject /dev/nullLeah Rowe
if injection is attempted, verification comes next, and verification fails. this happens for kcma/kgpe amd boards, where pike2008 fake roms are inserted by inserting the correct pci ids using /dev/null as a source. an empty pike2008 rom prevents seabios from loading the real pci rom, and this is done because the real one hangs SeaBIOS. a similar fix was made for ./vendor download, but overlooked for ./vendor inject. this patch fixes that. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-28vendor.sh: simplify inject()Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-28vendor.sh: clean up GbE handlingLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-28vendor.sh: condense fetch() a bitLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>