From a4328cb11f927c3cceb01dcaf4d7fc7632076119 Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Fri, 14 Jun 2024 14:01:42 +0100 Subject: roms: remove dangerous runtime p/s/d options p = payload s = grub_scan_disk d = displaymode setting the payload is no longer safe, due to issue 216 and similar issues that might pop up in the future; it's best left only to target.cfg, per board, so that we know what config is safe/tested. don't let the user override it. scandisk isn't safe to override because the given machine may not have the type of device that the user specifies displaymode is actually ok to set, because it simply whitelists what configs pre-existing to actually use, but it's bloat basically, the rule is this: don't make it easy for the user to brick their hardware. make it harder instead. a user wily enough to go modifying their payload will probably have read docs/maintain/ anyway and knows how to edit target.cfg if they want another board configuration. Signed-off-by: Leah Rowe --- script/roms | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/script/roms b/script/roms index 3890eddc..caa37a55 100755 --- a/script/roms +++ b/script/roms @@ -24,15 +24,14 @@ pv="$pv payload_seabios_withgrub payload_seabios_grubonly payload_grub mt86bin" v="romdir cbrom initmode displaymode cbcfg targetdir tree keymaps release" v="$v grub_timeout ubdir board grub_scan_disk uboot_config grubtree grubelf" eval "$(setvars "n" $pv)" -eval "$(setvars "" $v boards opt_d opt_p opt_k targets serprog_boards_dir opt_s)" +eval "$(setvars "" $v boards opt_k targets serprog_boards_dir)" main() { while [ $# -gt 0 ]; do - if [ "$1" = "-d" ] || [ "$1" = "-p" ] || [ "$1" = "-k" ] || \ - [ "$1" = "-s" ]; then + if [ "$1" = "-k" ]; then [ $# -lt 2 ] && $err "$1: option not specified" - eval "opt_$1=\"$2\""; shift 2 + opt_k="$2" elif [ "$1" = "serprog" ]; then shift 1; handle_serprog $@; return 0 elif [ "$1" = "list" ]; then @@ -145,7 +144,6 @@ configure_target() # Override the above defaults using target.cfg . "$targetdir/target.cfg" - [ -n "$opt_s" ] && grub_scan_disk="$opt_s" [ -z "$grub_scan_disk" ] && grub_scan_disk="nvme ahci ata" eval "$(setvars "" _ata _ahci _nvme _grub_scan_disk)" @@ -188,14 +186,7 @@ configure_target() [ "$payload_uboot" != "n" ] && [ "$payload_uboot" != "y" ] && \ payload_uboot="n" [ "$payload_uboot" = "y" ] && [ -z "$uboot_config" ] && \ - uboot_config="default" - - # Override all payload directives with cmdline args - [ -z "$opt_p" ] && return 0 - eval "$(setvars "n" payload_grub payload_memtest payload_seabios \ - payload_seabios_withgrub payload_uboot payload_grub_withseabios \ - payload_seabios_grubonly)" - eval "payload_$opt_p=y" + uboot_config="default"; return 0 } build_payloads() @@ -250,7 +241,6 @@ build_target_mainboard() hmode="vesafb" [ "$initmode" = "vgarom" ] || hmode="corebootfb" modes="$hmode txtmode" - [ -z "$opt_d" ] || modes="$opt_d" for y in $modes; do displaymode="$y" [ "$initmode" = "normal" ] && \ @@ -336,7 +326,7 @@ build_grub_roms() tmpcfg="$(mktemp -t coreboot_rom.XXXXXXXXXX)" printf "set grub_scan_disk=\"%s\"\n" "$grub_scan_disk" > "$tmpcfg" || \ - $err "set grubopt_s, $grub_scan_disk, $tmpcfg" + $err "set grub_scan_disk, $grub_scan_disk, $tmpcfg" x_ "$cbfstool" "$tmprom" add -f "$tmpcfg" -n scan.cfg -t raw printf "set timeout=%s\n" "$grub_timeout" > "$tmpcfg" || \ $err "set timeout, $grub_timeout, $tmpcfg" -- cgit v1.2.1