| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, some files from a previous me.bin scan
might still be there, which could lead to the wrong
me.bin being found.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this file being deleted was never created.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the newer way handles escaped characters better, and it
can be nested more easily. it's also more readable.
personally, i prefer the old way, because it's more
minimalist, but it occurs to me that a lot of people
nowadays don't know about backticks, but they do know
of the modern way.
to make the code more readable, i have modernised it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit 69934d18cc5fa93cdf5dd24ac36e9cb4b3cd364a.
|
|
This reverts commit 4c74311eae6c25d082735532471da248596182c9.
|
|
do away with redundant variable "vendir"
the "appdir" directory is for files extracted from
vendor updates, which are then further processed to
create the real files that we need, such as me.bin
images processed via me_cleaner.
thus, appdir should go in xbtmp.
the appdir currently clutters vendorfiles/, which is
not ideal.
we want it to be that the vendorfiles/ directory only
contains the final firmwares.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
XBMK_CACHE (cache/) is meant for permanently cached
files, not temporary files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit c9a81292e5cfa99de2fdbe20e6a6c9da154c6d7d.
This never caused actual issues. Keep it strict.
|
|
i added a stricter check recently, but this broke
extraction on fresh lbmk clones, tested when doing
a release-build test.
loosen it up again, but only for find_me
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we no longer separate them. xbloc was the on-disk
tmp directory, whereas xbtmp used to be in /tmp
which we assumed to be tmpfs (it may not be, but
often is on many workstation setups - and our
documentation recommended doing this).
as mentioned in the previous commit, benchmarking
shows little speed difference using tmpfs /tmp
versus on-disk /tmp, for our purposes at least.
therefore, the handling of tmp files is being
greatly simplified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
setting a variable in this way will never result in
an error. this is a relic from a prior re-factoring
versus older versions of the code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
set - as soon as possible, for example in the extract_me
function.
we only turn off error handling when certain error-prone
tasks are performed, and mitigations are in place after
these commands run to make sure that the result was valid.
this is because in some cases, we want certain buggy behaviours
to be permitted, with errors handled in a more fine-tuned way,
because sh can sometimes be much stricter depending on the
implementation; otherwise, we almost always rely on -e -u in
most of the build system.
this mainly affects the vendorfile insertion logic.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
too many chained commands. break it out a bit.
this makes it more readable, without changing behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i overlooked this one in the previous commit
there is always one.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not elf/UTIL/TREE
This way, they are automatically deleted when a tree
has to be re-built.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
shorten them
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the checks at the end of the function are mostly
superfluous, because bad_checksum() is immediately
called just beforehand, and performs the same checks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit fb7aaa78bb080a473bdf0edf449bf08045e8366c.
it caused a few issues. will re-do later
the old code isn't really broken, just inefficient, because
several files are scanned twice, but in practise the overhead
isn't that great
The error occurs sometimes, when bruteforcing me.bin:
ERROR ./mk: Unhandled error for: mv /home/user/lbmk/tmp/me.bin /home/user/lbmk/cache/tmpdl/check
This revert should fix the issue, for now.
|
|
i'm adding characters to 7ztest, which isn't being passed
on through because everything runs in subshells; the next
pass would default back to the original string, so a given
file may be checked multiple times.
fix this by mitigation; use the random string from mktemp
as a suffix instead.
in practice, this has not affected performance much, but it
will nevertheless avoid unnecessary work by xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
just call it "nuke". this is what tells whether to remove
vendor files from an archive.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Also, provide more ample warning to the user
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
On release archives, I overlooked the previous change to
downloads, during the recent implementation of extra safety
checks. I previously checked there whether the variable named
CONFIG_KBC1126_FIRMWARE was defined, and grabbed both; now I
check CONFIG_KBC1126_FW1 and CONFIG_KBC1126_FW2 separately,
grabbing each file separately.
This patch replicates that change for insertions. Otherwise,
hash verification on ROM images will fail, when running the
inject script on release images.
Downloading was being done, reliably, and the extracted files
were correct, so there was no danger if the user was building
from source and flashing that way.
However, checksum verification on full images failed when
inserting into archives. This is not because the files were
wrong; they were *correct*. However, the EC firmware was not
being inserted *at all* on HP EliteBooks, because of this
oversight. The check is now based on whether the paths to
the files themselves are defined, not whether EC firmware
is enabled in the coreboot config; the latter is implied.
With this patch, vendor file insertion once again works
perfectly, without error, on every board. There was no real
danger for users, just a minor inconvenience. Sorry!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the exit from mkdst can also be non-zero if mv or cp
failed, but there's no way to handle that reliably.
therefore, the checksum verification should be done
one final time, to compensate.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
I currently check the downloaded files e.g. .exe file, but
then I don't check - or even define - sha512sums for the
files extracted from them e.g. me.bin
This patch fixes that. It also caches the hashed files, so
that extraction is faster on a re-run - this makes release
builds go faster, when running ./mk release
If a checksum is not defined, i.e. blank, then a warning is
given, telling you to check a specific directory. This way,
when adding new vendor files, you can add it first without
specifying the checksum, e.g. me.bin checksum. Then you can
manually inspect the files that were extracted, and define it,
then test again.
In a given pkg.cfg for config/vendor, the following variables
are now available for use:
FSPM_bin_hash for fsp m module
FSPS_bin_hash for fsp s module
EC_FW1_hash for KBC1126 EC firmware (1st file)
EC_FW2_hash for KBC1126 EC firmware (2nd file)
ME_bin_hash for me.bin
MRC_bin_hash for mrc.bin (broadwell boards)
REF_bin_hash for refcode (broadwell boards)
SCH5545EC_bin_hash for sch5545 firmware (Dell Precision T1650)
TBFW_bin_hash for Lenovo ThunderBolt firmware (e.g. T480/T480s)
E6400_VGA_bin_hash for Dell E6400 Nvidia VGA ROM
In practise, most people use release archives, and the
inject script, so I knew those were reliable, because the ROM
images were hashed prior to removing files. This patch benefits
people using lbmk.git directly, without using release files,
because now they know they have a valid file e.g. me.bin
Previously, only the download was checked, not the extracted
files, which meant that the only thing preventing a brick was
the code not being buggy. Any number of bugs could pop up in
the future, so this new level of integrity will protect against
such a scenario, and provide early warning prompting bug fixes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
they were always re-downloading every time.
i've basically re-written most of xbmkget.
there was some erroneous conditions under which
it wrongly deleted the cached file, resulting in
it being downloaded again.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i don't need it. i can use fx_ instead, on functions
that previously called mk().
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is unused in cbmk.
it's only used from vendor.sh.
therefore, lbmk shall have it in vendor.sh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is used here, and also needed in cbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
We don't need it. The vfile variable is only used in
one place, and only once, for use with setcfg.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
split the actual bootstrapping to getvfile()
setvfile only sets the config, but then it will
call getvfile() to act on that config.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i moved out more code to vendor.sh, to reduce the
amount of lbmk-only code on inject.sh
this should reduce the number of merge conflicts
even further, when cherry picking from lbmk to cbmk.
in particular, vendor file insertion is now handled
entirely through the "setvfile" function, instead
of from inject.sh, which seems counterintuitive,
but remember that inject.sh also does MAC addresses.
therefore, the inject.sh script is now primarily for
inserting MAC addresses, and handles vendor downloads
in a slightly more convoluted way, but still easy
enough to understand if you read it a bit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
to the extent feasible, keep lbmk-specific parts on
inject.sh to a minimum. this will later be used to
re-sync cbmk's inject.sh with lbmk's, because cbmk's
one doesn't handle vendor files.
the way this is designed now, with this patch, will
make cherry-picking lbmk to cbmk easier in the future,
when keeping this part of cbmk in sync with lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this matches cbmk, where inject.sh is the file name
this will make future cherry-picks of lbmk->cbmk easier
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
move them where they are used, or if they are used
in many places, move them to lib.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
lbmk creates TMPDIR as /tmp/xbmk_*, but it's theoretically
possible that something could re-export it by mistake.
this change retains the same initialisation, but further
use is now via a new variable "xbmktmp", that stores the
value of TMPDIR upon lbmk's initialisation of it.
this reduces the chance of such a bug in the future, as
described above, so it is a preemptive/preventative fix.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
code equals bugs. code that doesn't exist can't
have bugs, so it is superior by definition.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
