#!/usr/bin/env sh # SPDX-License-Identifier: GPL-3.0-only # SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com> # SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com> # SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org> . "include/err.sh" . "include/blobutil.sh" . "include/option.sh" release_archive="n" main() { [ $# -lt 1 ] && err "No options specified." [ "${1}" = "listboards" ] && \ listitems config/coreboot && exit 0 archive="${1}" while getopts r:b:m: option do case "${option}" in r) rom=${OPTARG} ;; b) board=${OPTARG} ;; m) modifygbe=true new_mac=${OPTARG} ;; esac done check_board build_dependencies inject_blobs printf "Friendly reminder (this is *not* an error message):\n" printf "Please always ensure that the files were inserted correctly.\n" printf "Read: https://libreboot.org/docs/install/ivy_has_common.html\n" } check_board() { if ! check_release "${archive}" ; then [ -f "${rom}" ] || \ err "check_board: \"${rom}\" is not a valid path" [ -z ${rom+x} ] && \ err "check_board: no rom specified" [ ! -z ${board+x} ] || \ board=$(detect_board "${rom}") else release=true releasearchive="${archive}" board=$(detect_board "${archive}") fi boarddir="${cbcfgsdir}/${board}" if [ ! -d "${boarddir}" ]; then err "check_board: board ${board} not found" fi } check_release() { [ -f "${archive}" ] || return 1 [ "${archive##*.}" = "xz" ] || return 1 printf "%s\n" "Release archive ${archive} detected" } # This function tries to determine the board from the filename of the rom. # It will only succeed if the filename is not changed from the build/download detect_board() { path="${1}" filename=$(basename ${path}) case ${filename} in grub_*) board=$(echo "${filename}" | cut -d '_' -f2-3) ;; seabios_withgrub_*) board=$(echo "${filename}" | cut -d '_' -f3-4) ;; *.tar.xz) _stripped_prefix=${filename#*_} board="${_stripped_prefix%.tar.xz}" ;; *) err "detect_board: could not detect board type" esac [ -d "${boarddir}/" ] || \ err "detect_board: dir, ${boarddir}, doesn't exist" printf "%s\n" "${board}" } build_dependencies() { [ -d "${cbdir}" ] || ./update project trees coreboot default || \ err "build_dependencies: could not download coreboot/default" ./build coreboot utils default || \ err "build_dependencies: could not build cbutils" ./update blobs download ${board} || \ err "build_dependencies: Could not download blobs for ${board}" } inject_blobs() { release_archive="n" if [ "${release}" = "true" ]; then printf "patching release file\n" release_archive="y" patch_release_roms else patch_rom "${rom}" || \ err "inject_blobs: could not patch ${x}" fi } patch_release_roms() { _tmpdir="tmp/romdir" rm -Rf "${_tmpdir}" || err "patch_release_roms 1: can't prepare tmpdir" mkdir -p "${_tmpdir}" || err "patch_release_roms: can't make tmpdir" tar -xf "${releasearchive}" -C "${_tmpdir}" || \ err "patch_release_roms: could not extract release archive" for x in "${_tmpdir}"/bin/*/*.rom ; do printf "patching rom: %s\n" "$x" patch_rom "${x}" || err "patch_release_roms: could not patch ${x}" done for x in "${_tmpdir}"/bin/*/*_nomicrocode.rom ; do [ -f "${x}" ] || continue [ -f "${x%_nomicrocode.rom}.rom" ] || continue cp "${x%_nomicrocode.rom}.rom" "${x}" || \ err "patch_release_roms: ${x}: can't overwrite no-ucode rom" "${cbfstool}" "${x}" remove -n cpu_microcode_blob.bin || \ err "patch_release_roms: ${x}: cannot remove u-code" done ( cd "${_tmpdir}"/bin/* # NOTE: For compatibility with older rom releases, defer to sha1 sha512sum --status -c blobhashes || \ sha1sum --status -c blobhashes || \ err "patch_release_roms: ROMs did not match expected hashes" ) if [ "${modifygbe}" = "true" ]; then for x in "${_tmpdir}"/bin/*/*.rom ; do modify_gbe "${x}" done fi [ -d bin/release ] || mkdir -p bin/release || \ err "patch_release_roms: !mkdir -p bin/release" mv "${_tmpdir}"/bin/* bin/release/ || \ err "patch_release_roms: !mv ${_tmpdir}/bin/* bin/release/" printf "Success! Your ROMs are in bin/release\n" rm -Rf "${_tmpdir}" || err "patch_release_roms: !rm -Rf ${_tmpdir}" } patch_rom() { rom="${1}" # we don't process no-microcode roms; these are # instead re-created at the end, after re-inserting # on roms with microcode, by copying and then removing, # so that the hashes will match (otherwise, cbfstool # may sometimes insert certain blobs at the wrong offset) # (unless nomicrocode is the only config provided) [ "${rom}" != "${rom%_nomicrocode.rom}.rom" ] && \ [ -f "${rom%_nomicrocode.rom}.rom" ] && \ [ "${release_archive}" = "y" ] && return 0 check_defconfig "${boarddir}" || exit 1 set -- "${boarddir}/config/"* . "${1}" 2>/dev/null [ "$CONFIG_HAVE_MRC" = "y" ] && \ inject_blob_intel_mrc "${rom}" [ "${CONFIG_HAVE_ME_BIN}" = "y" ] && \ inject_blob_intel_me "${rom}" [ "${CONFIG_KBC1126_FIRMWARE}" = "y" ] && \ inject_blob_hp_kbc1126_ec "${rom}" [ "${CONFIG_VGA_BIOS_FILE}" != "" ] && \ [ "${CONFIG_VGA_BIOS_ID}" != "" ] && \ inject_blob_dell_e6400_vgarom_nvidia "${rom}" [ "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" = "y" ] && \ [ "${CONFIG_SMSC_SCH5545_EC_FW_FILE}" != "" ] && \ inject_blob_smsc_sch5545_ec "${rom}" [ "${modifygbe}" = "true" ] && ! [ "${release}" = "true" ] && \ modify_gbe "${rom}" printf "ROM image successfully patched: %s\n" "${rom}" } inject_blob_intel_mrc() { rom="${1}" printf "adding mrc\n" # mrc.bin must be inserted at a specific offset. the only # libreboot platform that needs it, at present, is haswell # in cbfstool, -b values above 0x80000000 are interpreted as # top-aligned x86 memory locations. this is converted into an # absolute offset within the flash, and inserted accordingly # at that offset into the ROM image file # coreboot's own build system hardcodes the mrc.bin offset # because there is only one correct location in memory, but # it would be useful for lbmk if it could be easily scanned # from Kconfig, with the option to change it where in practise # it is not changed # the hardcoded offset below is based upon reading of the coreboot # source code, and it is *always* correct for haswell platform. # TODO: this logic should be tweaked to handle more platforms "${cbfstool}" "${rom}" add -f mrc/haswell/mrc.bin -n mrc.bin -t mrc \ -b 0xfffa0000 || err "inject_blob_intel_mrc: cannot insert mrc.bin" } inject_blob_intel_me() { printf "adding intel me firmware\n" rom="${1}" [ -z ${CONFIG_ME_BIN_PATH} ] && \ err "inject_blob_intel_me: CONFIG_ME_BIN_PATH not set" _me_location=${CONFIG_ME_BIN_PATH#../../} [ ! -f "${_me_location}" ] && \ err "inject_blob_intel_me: per CONFIG_ME_BIN_PATH: file missing" "${ifdtool}" -i me:"${_me_location}" "${rom}" -O "${rom}" || \ err "inject_blob_intel_me: cannot insert me.bin" } inject_blob_hp_kbc1126_ec() { rom="${1}" _ec1_location="${CONFIG_KBC1126_FW1#../../}" _ec1_offset="${CONFIG_KBC1126_FW1_OFFSET}" _ec2_location="${CONFIG_KBC1126_FW2#../../}" _ec2_offset="${CONFIG_KBC1126_FW2_OFFSET}" printf "adding hp kbc1126 ec firmware\n" if [ "${_ec1_offset}" = "" ] || [ "${_ec1_offset}" = "" ]; then err "inject_blob_hp_kbc1126_ec: ${board}: offset not declared" fi if [ "${_ec1_location}" = "" ] || [ "${_ec2_location}" = "" ]; then err "inject_blob_hp_kbc1126_ec: ${board}: EC path not declared" fi if [ ! -f "${_ec1_location}" ] || [ ! -f "${_ec2_location}" ]; then err "inject_blob_hp_kbc1126_ec: ${board}: ecfw not downloaded" fi "${cbfstool}" "${rom}" add -f "${_ec1_location}" -n ecfw1.bin \ -b ${_ec1_offset} -t raw || \ err "inject_blob_hp_kbc1126_ec: cannot insert ecfw1.bin" "${cbfstool}" "${rom}" add -f "${_ec2_location}" -n ecfw2.bin \ -b ${_ec2_offset} -t raw || \ err "inject_blob_hp_kbc1126_ec: cannot insert ecfw2.bin" } inject_blob_dell_e6400_vgarom_nvidia() { rom="${1}" _vga_location="${CONFIG_VGA_BIOS_FILE#../../}" _vga_dir="${_vga_location%/*}" _vga_filename="${_vga_location##*/}" printf "adding pci option rom\n" if [ "${_vga_dir}" != "${pciromsdir}" ]; then err "inject_blob_dell_e6400vga: invalid pcirom dir: ${_vga_dir}" fi if [ ! -f "${_vga_location}" ]; then err "inject_blob_dell_e6400vga: ${_vga_location} doesn't exist" fi "${cbfstool}" "${rom}" add -f "${_vga_location}" \ -n "pci${CONFIG_VGA_BIOS_ID}.rom" -t optionrom || \ err "inject_blob_dell_e6400vga: cannot insert vga oprom" } inject_blob_smsc_sch5545_ec() { rom="${1}" _sch5545ec_location="${CONFIG_SMSC_SCH5545_EC_FW_FILE#../../}" if [ ! -f "${_sch5545ec_location}" ]; then err "inject_blob_smsc_sch5545_ec: SCH5545 fw missing" fi "${cbfstool}" "${rom}" add -f "${_sch5545ec_location}" \ -n sch5545_ecfw.bin -t raw || \ err "inject_blob_smsc_sch5545_ec: can't insert sch5545_ecfw.bin" } modify_gbe() { printf "changing mac address in gbe to ${new_mac}\n" rom="${1}" [ -z ${CONFIG_GBE_BIN_PATH} ] && \ err "modify_gbe: ${board}: CONFIG_GBE_BIN_PATH not set" _gbe_location=${CONFIG_GBE_BIN_PATH#../../} [ -f "${_gbe_location}" ] || \ err "modify_gbe: CONFIG_GBE_BIN_PATH points to missing file" [ -f "${nvmutil}" ] || \ make -C util/nvmutil || err "modify_gbe: couldn't build nvmutil" _gbe_tmp=$(mktemp -t gbeXXXX.bin) cp "${_gbe_location}" "${_gbe_tmp}" "${nvmutil}" "${_gbe_tmp}" setmac "${new_mac}" || \ err "modify_gbe: ${board}: failed to modify mac address" "${ifdtool}" -i GbE:"${_gbe_tmp}" "${rom}" -O "${rom}" || \ err "modify_gbe: ${board}: cannot insert modified gbe.bin" rm -f "${_gbe_tmp}" || err "modify_gbe: can't remove ${_gbe_tmp}" } usage() { cat <<- EOF USAGE: ./update blobs inject -r [rom path] -b [boardname] -m [macaddress] Example: ./update blobs inject -r x230_12mb.rom -b x230_12mb Adding a macadress to the gbe is optional. If the [-m] parameter is left blank, the gbe will not be touched. Type './update blobs inject listboards' to get a list of valid boards EOF } main $@