summaryrefslogtreecommitdiff
path: root/script/update/blobs/inject
AgeCommit message (Collapse)Author
2023-09-09blobs/inject: add error condition on rm commandLeah Rowe
this was overlooked, earlier on in lbmk audit 2 Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-09blobs/inject: fix checksum validation if no-ucodeLeah Rowe
on e6400_4mb, the release build scripts remove nvidia's vga rom which is used on dgpu models. however, microcode is also removed in separately copied rom images the inject script was inserting vgaroms directly into these no-microcode roms, but the microcode blob is bigger than the vga rom, and cbfstool inserts into the first available free spot within cbfs, so it was inserting into the spot where cpu microcode went. this caused the rom checksum to not match what was generated during build/release/roms being executed the only real fix is to guarantee offsets within cbfs for all files, by recording what offsets were used and then calculating that during insertion so this patch is a workaround, but fixes the issue. the workaround is: don't insert blobs directly on no-microcode roms, instead insert only on microcode-based roms, then re-copy those roms and remove microcode in aptly named copies it's a bit more convoluted, but works perfectly fine. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-09use sha512sum to check downloads, not sha1sumLeah Rowe
sha-1 has known collision issues, which may not be readily exploitable yet (in our context), but we should ideally use a more secure method for checking file integrity. therefore, use sha-2 (sha512sum) for checking files. this is slower than sha-1, but checksum verification is only a minor part of what lbmk does, so the overall effect on build times is quite negligible. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-05update/blobs/inject: use tmp/romdir, not TMPDIRLeah Rowe
we are copying large numbers of ROM images, and the host system may have /tmp under a tmpfs; that same host system may or may not have a lot of memory. respect the user's machine. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-04update/blobs: unify global variablesLeah Rowe
they all more or less use the same variables, so put them all under include/blobutil.sh Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-04update/blobs/*: unify checking of defconfig filesLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-04update/blobs/inject: remove errant target handlingLeah Rowe
just like the last patch, target.cfg handling is not required in this script either. remove it. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-04merge config/ and resources/Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-02coreboot/e6400: support nvidia modelsLeah Rowe
The same ROM images that you flash on Intel GPU variants, are now flashed on Nvidia models. The same ROM will work on both. If an Intel GPU variant is present, libgfxinit is used, and the VGA ROM is used if an Nvidia GPU variant; however, release ROMs will scrub the nvidia option ROM, so release ROMs will only work on Intel GPUs unless you run the blobutil inject command. I decided to no longer have this under WIP, but to put it in master. The issue with it pertains to video drivers, which is not Libreboot's problem. Nouveau crashes under Linux, so use "nomodeset" if it does. The "nv" drivers in BSD systems work very well. The nvidia model of E6400 isn't recommended for other reasons, namely: poor thermal cooling (thermal pad on the GPU) and that Nvidia GPU doesn't get very good performance on any libre drivers anyway. The Intel GPU variant is better, in terms of power efficiency and software support; the intel variant also works with native graphics initialisation in coreboot. This board port already only enables SeaBIOS, which will simply execute the VGA ROM. Blobutil already supports reading the config, detecting that a VGA ROM is needed, because that part of the WIP E6400 branch was already merged in lbmk master. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-01handle project downloads in main lbmk scriptLeah Rowe
this means the unified /tmp handling is now provided for in both the former "fetch" and "fetch_trees" script, which are now (respectively): ./update project repo ./update project trees if the fetch scripts weren't cleaning /tmp before, they now are, because lbmk handles it Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-31re-add /dev/null redirect on . ${1}Leah Rowe
the error messages that it shows are benign, but users see them and worry that something went wrong this patch reduces the number of people asking pointless questions on irc Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-27move resources/scripts/ to script/Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>