Age | Commit message (Collapse) | Author |
|
From now on, the following rules are available for all
mainboards, in resources/coreboot/boardname/board.cfg:
* blobs_required="n" or "y"
* microcode_required="n" or "y"
The blobs setting, if set to "n", simply renames filename.rom to
filename_noblobs.rom.
The microcode setting, if set to "n", copies the ROM (with or
without _noblobs) to filename_nomicrocode.rom (if blobs="n",
it would be filename_noblobs_nomicrocode.rom).
Where "nomicrocode" is set, ROMs with microcode will still be
provided by lbmk and in relesase, but ROMs will also be provided
alongside it that lacks any microcode updates.
If the *original* ROM already lacks microcode updates, then the
original ROM will be *renamed* to include "nomicrocode" in the name.
This is done on images for ARM platforms, for instance, where
microcode is never used whatsoever.
Example filenames now generated:
seabios_e6400_4mb_libgfxinit_corebootfb_noblobs_nomicrocode.rom
seabios_e6400_4mb_libgfxinit_corebootfb_noblobs.rom
seabios_withgrub_hp8300usdt_16mb_libgfxinit_corebootfb_colemak_nomicrocode.rom
seabios_withgrub_hp8300usdt_16mb_libgfxinit_corebootfb_colemak.rom
uboot_payload_gru_kevin_libgfxinit_corebootfb_noblobs_nomicrocode.rom
A vocal minority of people were not happy with some of the changes
made in Libreboot last year, including on existing supported
hardware from before those changes were made. I did this before the
last release, out of respect:
https://libreboot.org/news/gm45microcode.html
(re-add mitigations for no-microcode setup on GM45)
This new change is done as an further, extended courtesy. Tested
and works fine. (testing using cbfstool-print)
Actual Libreboot policy about binary blobs is nuanced. See:
https://libreboot.org/news/policy.html (reduction policy) and:
https://libreboot.org/freedom-status.html (implementation)
Well, the status page talks about descriptor vs non-descriptor
on Intel platforms, and where me_cleaner is used (on platforms
that need Intel ME firmware), it regards the descriptored setups
to be blob-free if coreboot does not require binary blobs.
In this paradigm, microcode updates are not considered to be
binary blobs, because they aren't technically software, they're
more like config files that just turn certain features on or off
within the CPU.
However, for lbmk purposes, "noblobs" means that, after the ROM
is fully ready to flash on the chip, there will be no blobs in
it (except microcode). So for example, an X200 that does not
require ME firmware is considered blob-free under this paradigm,
even though Libreboot policy regards X230 as equally libre when
me_cleaner is used; in this setup, ROMs will not contain "blobfree"
in the filename, for X230 (as one example).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit a4ea2867319471d9fe7d4ee540881e0286b4d3cf.
The licensing audit has been abandoned. I will not be re-licensing
in bulk to MIT.
I can still use MIT license on new works, e.g. utilities, but there's
really no pressing need to re-license lbmk. It's just shell scripts,
and most of what it interacts with (coreboot, grub, seabios) is GPL
anyway.
So who cares?
Ferass's patch was removed due to refusal to re-license, but the
decision to re-license has been canceled.
I'm now aiming for a quick stable release.
|
|
The primary purpose of my intense auditing has
been to improve lbmk's coding style and fix bugs
but there is a secondary purpose: know precisely
who owns what, because I want to re-license as
much as possible of lbmk under *MIT*, instead of
the current GNU licensing. MIT is vastly superior,
because it grants *actual* freedom to the user,
permits *sublicensing* and it is vastly more
compatible with other GPL combinations; for
example, MIT license is compatible with GPL2-only
whereas lbmk's current mix of GPLv3-or-later and
GPLv3-only is legally incompatible with GPLv2-only.
Re-licensing under MIT will most likely result in
more contributions to Libreboot's build system in
the future, especially as it will attract a lot
more commercial interest. Contrary to the popular
arguments, copyleft is a liability to the free
software movement and results in less code being
written; in practise, permissively licensed code
gets more public contributions, including from
commercial entities, even if companies can
theoretically make something proprietary out of
it (in practise, anyone inclined can just use the
upstream and proprietary forks almost always die).
Copyleft propaganda is fundamentally flawed. See:
<https://unixsheikh.com/articles/the-problems-with-the-gpl.html>
Anyway, I've been doing a combination of:
* Seeking permission from other copyright holders,
for re-licensing
* Deleting, or moving, other contributions; for
example, splitting certain contributions into
separate files so that originally modified files
become unencumbered. This latter solution is a
result of *code cleanup* arising from the audit.
For Ferass's contributions, I opted to seek
*permission*, and permission was denied. In full compliance
with this legal imperative, I'm acting accordingly; this
commit removes all of Ferass's changes that converted lbmk
to posix shell scripts, thus removing his copyright on the
affected files, bypassing his authority entirely. Therefore,
lbmk is largely now bash-dependent. In practise, nobody is
going to use anything other than a GNU system to build
Libreboot, because many projects that Libreboot makes use
of rely heavily on GNU; for example, coreboot's build
system makes heavy use of GNU-specific extensions in *GNU
Make*, and likely contains many bashisms. Of course,
Libreboot also compiles GNU GRUB.
I would much rather have MIT-licensed Bash scripts
than GPL-licensed posix SCL scripts.
This reverts the changes from Ferass El Hafidi,
for the following commits, with some exceptions:
* 7f5dfebf7d37c56d9c7993aaa17c59070cb5aec9
* f787044642236917c9c4dbcaa48a6b0648097db0
Exception:
download/mrc not reverted, because that was
already a fork of an existing script under
coreboot's build system, and their script was
GPLv2. i cannot/will not re-license this file
(ergo,
7f5dfebf7d37c56d9c7993aaa17c59070cb5aec9
change remains intact, on this file)
resources/scripts/build/boot/roms_helper, these changes
have been kept:
* 7e6691e9 - Add ARMv7 and AArch64 support
* dec2d720 - add myself in the build/roms_helper script
(added 2021 copyright for the change below)
* b7405656 - Workaround for grub's slow boot
^ these changes will be re-factored, splitting them
out of the file into a new file. This will be done in
a future lbmk revision. (in some cases, it makes sense
to keep a change but split it, allowing the main file to
be re-licensed without the change in it)
This is part of a much larger series of
licensing audits. It's likely that lbmk will
be posix-compliant (in its shell scripts)
again some day, because I'm planning to rewrite
most of these scripts (the ones modified in this
patch), and many of them (e.g. individual download
scripts) are subject to future deletion in a planned
overhaul of the download logic for third party
projects.
In addition: these changes are being kept (no attempt
to re-license them will be made):
* cff081c6 - Fix grub's slow boot (1 year, 5 months ago) <Vitali64>
* 4c851889 - Add macbook*1 16mb configs (1 year, 6 months ago) <Vitali64>
Ferass's work that remains will be split into dedicated
files containing them, where feasible.
In the case of grub.cfg (for GNU GRUB), I don't care
because it's a script for an engine (GRUB shell) that's
under GPL anyway, so who really cares about MIT license.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
|
|
use make -BC instead of cd
|
|
i added this in the last revision
it was put there to debug something that
i fixed before pushing
|
|
|
|
bs 12k and count 1, rather than bs 1 and count 12k
|
|
|
|
|
|
this cuttype is no longer used
lbmk creates truncated me setups now, on ifd platforms
|
|
|
|
the logic can now more or less be read chronologically
|
|
logic will be split from main into smaller
functions, in follow-up commits
|
|
consolidated some for loops
removed errant code
|
|
|
|
|
|
|
|
No more than 80 characters per line.
|
|
previously, "normal" initmode relied on the vgarom-based
seabios config, which enables option roms, but then lbmk
would insert pci-optionrom-exec 0 for vgarom, and 2 for normal
in libreboot, coreboot roms with "vgarom" in the filename do
pci option rom execution from coreboot, and "normal" roms
do execution from seabios(where seabios is the only payload
provided on normal setups)
this is because payloads like grub can also be used, on vgarom
setups, where coreboot must handle oprom execution
|
|
When using e.g. -p grub in build/boot/roms, it will
error out. This patch fixes that.
E.g.
./build boot roms t440pmrc_12mb -p grub
Seldom used feature and it was overlooked. Most people
won't use the option that triggered the error.
|
|
|
|
By making lbmk fully POSIX-compliant, it will be easier to port lbmk to
other systems implementing POSIX such as Alpine Linux and FreeBSD.
Signed-off-by: Ferass 'Vitali64' EL HAFIDI <vitali64pmemail@protonmail.com>
|
|
|
|
U-Boot runtime configuration is done with a device-tree file, which is
built alongside the executable in the upstream build system, and must be
available to U-Boot at runtime.
This device-tree is normally not linked into the default "u-boot" ELF
file. So far we have been handling it by re-creating a "u-boot.elf" from
the raw binary parts by setting REMAKE_ELF, and using that as the
coreboot payload. Unfortunately, that fails to build for x86 boards,
more specificly the "coreboot" boards upstream.
It's also possible (but discouraged) to set OF_EMBED to embed the
device-tree file into the U-Boot itself, in which case we could use the
"u-boot" file as the payload on the "coreboot" boards. Add support for
using the "u-boot" file as the payload if "u-boot.elf" doesn't exist.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
|
|
The roms_helper script skips building crossgcc-i386 if its target
directory exists. Skip it for other architectures as well.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
|
|
Add the coreboot-built cross-architecture toolchains to the PATH so that
modules and payloads can use them. When building for a foreign-arch
board, also export CROSS_COMPILE pointing to the appropriate prefix.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
|
|
This re-applies commit a69855f7e448 ("Build 32-bit crossgcc for AArch64
as well") which was inexplicably reverted along with unrelated changes.
Mention in a comment that building crossgcc-arm is necessary for
AArch64.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
|
|
When overriding which payloads will be built with the -p command line
argument, the roms_helper script builds the Memtest86+ payload before
checking if it should be disabled. Move the build command after the
command line override.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
|
|
When overriding which payloads will be built with the -p command line
argument, the roms_helper script doesn't disable the U-Boot payload.
Disable it in this case.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
|
|
|
|
the --nuke option in ifdtool will be used instead, to nuke
the ME regions in specific rom sets (and cbfstool will be
used to delete mrc.bin files from rom sets)
the new method being implemented is heavier on disk io, but
simplifies lbmk, and disk io could still be optimised in
the following ways:
* when copying roms from boards with ME in them, use
ifdtool --nuke to get filename.rom.new, and *move* (not copy)
filename.rom.new to the new destination (for use with tar)
* possibly modify ifdtool to make efficient use of mmap for
disk i/o; it currently loads entire roms into an allocated
buffer in memory
|
|
|
|
the intended use-case scenario was one in which vga rom initialisation
would be used, on desktop configurations, but without coreboot itself
handling vga rom initialisation, instead leaving that task to seabios
it was assumed that grub, when running on the bare metal with
build option "--with-platform=coreboot" would be able to display
like this, but it is not so when tested
in such setups (add-on gpu with grub payload), it is necessary to
extract the video bios and insert it into the coreboot rom, having
coreboot handle such execution. this is beyond the scope of lbmk,
in context of automated building, because we cannot reliably predict
things such as PCI IDs
do away with this build option entirely, for it does not serve the
intended purpose. it will be necessary to run PC GRUB instead (build
option --with-platform=i386-pc). PC GRUB can still read from CBFS,
and you could provide it as a floppy image file inside CBFS for
SeaBIOS to execute. in this setup, GRUB would function as originally
intended by the seabios_withgrub option; such a configuration is
referred to as "SeaGRUB" by the libreboot project, and experimentation
was done with it in the past, to no avail
it's better to keep things simple, in the libreboot project. simpler
for users, that is
|
|
buggy, buggy, buggy, buggy, buggy, buggy, buggy
full of bugs, these boards never worked properly. i got ripped
off with these.
now i'm ripping off the band aid
use dasharo if you want d16 stuff. i'm done with it.
|
|
osboot is now part of libreboot, and will soon shut down.
libreboot now conforms to osboot policy.
|
|
In recent coreboot versions, running distclean started to erase the
cbfstool binary we built earlier in the util/cbfstool dir via the
cbutils build script call. The coreboot build puts it in a different
directory, and the roms build script can't find it when trying to add
payloads to the roms. This doesn't make the script fail (because set -e
is stupid like that), and the build appears to succeed if you don't look
close enough to see the "cbfsutil not found" error.
Build the coreboot utils we want at the places we want them after
calling distclean, so that we can actually use cbfsutil and avoid
silently-broken roms with newer coreboot versions.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
|
|
This enables embedding U-Boot into the coreboot roms as the payload. For
now, the ELF file generated by enabling CONFIG_REMAKE_ELF is used, which
includes the U-Boot binary and the board-specific device-tree file. It
might be better to use the FIT payload support for U-Boot, but that was
reportedly broken and is not tested yet.
Coreboot boards can specify payload_uboot="y" in their board.cfg to
enable building a rom with U-Boot as the payload, which is built from
the U-Boot board with the same name. Boards can further specify a
uboot_config option, to choose which board-specific config file U-Boot
should be built with.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
|
|
The 32-bit ARM cross compiler toolchain is used to build parts of
arm-trusted-firmware needed by AArch64 boards, compile the toolchain for
those boards as well.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
|
|
The code that compiles coreboot crossgcc changes the working directory
to the coreboot directory, and the following code cannot find the lbmk
scripts that it needs to run. Compile ARMv7 and AArch64 cross compilers
in a subshell like in the x86 case so the rest of the script can work.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
just set it to the default, instead
|
|
or was used, instead of and
|
|
|
|
tianocore is a liability for the libreboot project. it's a bloated mess, and
unreliable, broken on many boards, and basically impossible to audit.
i don't trust tianocore, so i'm removing it.
|