#!/usr/bin/env sh
# SPDX-License-Identifier: GPL-2.0-only

# Forked from util/chromeos/crosfirmware.sh in coreboot cfc26ce278. Changes to
# it in this version are exclusively by Leah Rowe, copyright as of 2021 and
# 2023, on top of original coreboot copyright auditable in coreboot.git.

[ "x${DEBUG+set}" = 'xset' ] && set -v
set -u -e

. "include/err.sh"

export PATH="${PATH}:/sbin"

# use updated manifest from wayback machine, when updating mrc.bin,
# and update the other variables below accordingly. current manifest used:
# https://web.archive.org/web/20210211071412/https://dl.google.com/dl/edgedl/chromeos/recovery/recovery.conf

# the wayback machine is used so that we get the same manifest. google
# does not seem to version the manifest, but archives are available

# variables taken from that manifest:

_board="peppy"
_file="chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin"
_url="https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin.zip"
_url2="https://web.archive.org/web/20200516070928/https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin.zip"
_sha512sum="340a1cd41136a3ba0de9d306db0e65f51640a2efe63aee9934f326b276adc1af0a2df80c0731c5a749161ec32546909eedfa8ba95801faeb5dcfe1aa4e0840c7"
_mrc_complete_hash="e5b6d510a5fdb6a7ba0027588dbceef363a2bf30255e9222020abbe71468822f49962d423d872cc05b37098682281c016445f6aa20f88351a134facfe5f70d5b"
_mrc_complete="mrc/haswell/mrc.bin"

# NOTE: the checksums, defined above, are actually sha-2 (sha512sum)
# but google only defines sha1 and md5. we verify with sha1sum, but then
# we use sha512sum in lbmk

cbdir="coreboot/default"
cbfstool="cbutils/default/cbfstool"

sname=""

main()
{
	sname=${0}
	printf "Downloading Intel MRC blobs\n"

	check_existing || return 0
	build_dependencies
	fetch_mrc || err "could not fetch mrc.bin"
}

check_existing()
{
	[ -f "${_mrc_complete}" ] || \
		return 0
	printf "found existing mrc.bin\n" 1>&2
	[ "$(sha512sum "${_mrc_complete}" | awk '{print $1}')" \
	    = "${_mrc_complete_hash}" ] && \
		return 1
	printf "hashes did not match, starting over\n" 1>&2
}

build_dependencies()
{
	[ -d "${cbdir}/" ] || ./update project trees coreboot default || \
	    err "build_dependencies: cannot fetch coreboot/default"
	./build coreboot utils default || \
	    err "build_dependencies: cannot build cbutils/default"
}

fetch_mrc()
{
	mkdir -p mrc/haswell/ || err "fetch_mrc: !mkdir mrc/haswell"

	(
	cd mrc/haswell/ || err "fetch_mrc: !cd mrc/haswell"

	download_image "${_url}" "${_file}" "${_sha512sum}"
	[ -f ${_file} ] || \
		download_image "${_url2}" "${_file}" "${_sha512sum}"
	[ -f $_file ] || \
		err "fetch_mrc: ${_file} not downloaded / verification failed."

	extract_partition ROOT-A "${_file}" root-a.ext2
	extract_shellball root-a.ext2 chromeos-firmwareupdate-${_board}

	extract_coreboot chromeos-firmwareupdate-${_board}

	../../"${cbfstool}" coreboot-*.bin extract -f mrc.bin -n mrc.bin \
	    -r RO_SECTION || err "fetch_mrc: could not fetch mrc.bin"
	rm -f "chromeos-firmwareupdate-${_board}" coreboot-*.bin \
	    "${_file}" "root-a.ext2" || err "fetch_mrc: cannot remove files"

	printf "\n\nmrc.bin saved to ${_mrc_complete}\n\n"
	)
}

download_image()
{
	url=${1}
	_file=${2}
	_sha512sum=${3}

	printf "Downloading recovery image\n"
	curl --retry 3 "$url" > "$_file.zip" || err "download_image: curl failed"
	printf "Verifying recovery image checksum\n"
	if [ "$(sha512sum "${_file}.zip" | awk '{print $1}')" = "${_sha512sum}" ]
	then
		unzip -q "${_file}.zip" || err "download_image: cannot unzip"
		rm -f "${_file}.zip" || err "download_image: can't rm zip {1}"
		return 0
	fi
	rm -f "${_file}.zip" || err "download_image: bad hash, and can't rm zip"
	err "download_image: Bad checksum. Recovery image deleted"
}

extract_partition()
{
	NAME=${1}
	FILE=${2}
	ROOTFS=${3}
	_bs=1024

	printf "Extracting ROOT-A partition\n"
	ROOTP=$( printf "unit\nB\nprint\nquit\n" | \
	    parted "${FILE}" 2>/dev/null | grep "${NAME}" )

	START=$(( $( echo ${ROOTP} | cut -f2 -d\ | tr -d "B" ) ))
	SIZE=$(( $( echo ${ROOTP} | cut -f4 -d\ | tr -d "B" ) ))

	dd if="${FILE}" of="${ROOTFS}" bs=${_bs} skip=$(( ${START} / ${_bs} )) \
	    count=$(( ${SIZE} / ${_bs} )) || \
	    err "extract_partition: can't extract root file system"
}

extract_shellball()
{
	ROOTFS=${1}
	SHELLBALL=${2}

	printf "Extracting chromeos-firmwareupdate\n"
	printf "cd /usr/sbin\ndump chromeos-firmwareupdate ${SHELLBALL}\nquit" \
	    | debugfs "${ROOTFS}" || err "extract_shellball: debugfs"
}

extract_coreboot()
{
	_shellball=${1}
	_unpacked=$( mktemp -d )

	printf "Extracting coreboot image\n"

	[ -f "${_shellball}" ] || \
	    err "extract_coreboot: shellball missing in google peppy image"

	sh "${_shellball}" --unpack "${_unpacked}" || \
	    err "extract_coreboot: shellball exits with non-zero status"

	# TODO: audit the f* out of that shellball, for each mrc version.
	# it has to be updated for each mrc update. we should ideally
	# implement the functionality ourselves.

	[ -f "${_unpacked}/VERSION" ] || \
	    err "extract_coreboot: VERSION file missing on google coreboot rom"

	_version=$( cat "${_unpacked}/VERSION" | grep BIOS\ version: | \
	    cut -f2 -d: | tr -d \  )

	cp "${_unpacked}/bios.bin" "coreboot-${_version}.bin" || \
	    err "extract_coreboot: cannot copy google peppy rom"
	rm -Rf "${_unpacked}" || \
	    err "extract_coreboot: cannot remove extracted google peppy archive"
}

main $@