handle errors on sha512sum - also handle awk errors inside
the mini subshell, and provide overall error handling.
we know that the project.hash file should always exist, and
always be read no matter what; technically, the find command
that proceeds it might not yield any results, but an empty
file would then be produced.
the edge case of an empty file would have lead to an error
beforehand, when configuring the project in function,
configure_project(), so we've already got that covered.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when reading old_pjhash, we need to error out where a read
error occurs. such an error is unlikely, but could occur under
certain edge cases.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't do no-op if it fails; fall back to "clean" instead,
and fail if that fails.
The no-op was there was not all projects have distclean,
but we do intend for them all to be cleaned.
We mitigate further error by only running make-clean if
a makefile exists.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't copy the files directly, because we might be doing
this from a work directory that has no files; in this case,
generic "unknown" variables are used, without generating
any files, so the current logic would produce an error.
However, we do need to create those dot files, because
we then rely on them for building release binaries.
The new logic maintains current behaviour, while fixing
this technical edge-case scenario via mitigation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
stick it in git_prep, which both single- and multi-tree
projects will use, when downloading git repositories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The following execution will result in another printf
that says exactly what is being downloaded.
There is no need to inform the user twice about
what is being downloaded.
Signed-off-by: Leah Rowe <leah@libreboot.org>
A git-pull is performed immediately after git-fetch.
Git-pull already performs git-fetch as a prerequisite.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the checks at the end of the function are mostly
superfluous, because bad_checksum() is immediately
called just beforehand, and performs the same checks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current behaviour is a relic from the older lbmk
design, before recent auditing.
the current logic would cause xbmk to continue execution,
going into a child process with .git/ being a symlink.
The .git/ directory should never be a symlink, because
it is extremely error-prone.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We rely on a non-zero exit on other try_ commands, which
works fine there because we then check the file afterward
and error out accordingly.
For git repositories, we assume that both mirrors are
identical and therefore once we get to the first clone
attempt, we assume that it must succeed.
Therefore, if it does not succeed, we must fail. This fixes
a regression I found in testing, where sometimes a failed
patching attempt would not result in an error exit, and
would therefore result in broken sources being present.
In practise, I always very closely watch the terminal when
testing xbmk, especially when updating project patches, so
we probably didn't introduce any broken sources in practice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This code was introduced to provide fault tolerance,
so that if I forgot to manually update the configs
myself, builds would still succeed, e.g. coreboot
builds.
However, there have been cases in the past where this
introduces settings we don't want, and in general we
do want to know when there is an error in the configs.
The policy should always be: fail early, fail hard.
This also mitigates bugs in U-Boot's build system; for
example, when I last attempted to update the U-Boot
tree for x86, make-oldconfig introduced a lot of junk
settings unrelated, which then introduced code that
would brick the board if you tried it on one, e.g.
it broke booting most Linux kernels via bootflow.
With this change, U-Boot will be easier to handle,
which normally requires manual configuration; the
automated make-oldconfig reconfiguration feature
breaks U-Boot. This will no longer occur, since we
no longer run it manually.
On the other hand, this feature has also prevented
other disastrous bugs in the past, such as when I
forgot to properly set the SPD size on T480; it was
set to 256 bytes, not 512 as is correct. Therefore,
this new design change means I must also be more
vigilant about config changes in project trees.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it mainly does general tasks, like handling utils
and enabling ccache. the vfiles are a small part.
rename the function accordingly. it is called by
premake, so let's call it corebootpremake.
this change will also make sense when cherry-picked
into cbmk, which does not handle vfiles at all.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we simply do not need to run the make-oldconfig command
at all, and after removing it, the "cook" function seemed
quite redundant so i merged it with mkvendorfiles()
Signed-off-by: Leah Rowe <leah@libreboot.org>
define it with a single variable, rather than several.
this allows several checks to be greatly simplified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
In practise, coreboot can set this bit at build time.
We also use ME Soft Temporary Disable by default, on
this platform.
We also use me_cleaner by default, so the me.bin file
added to flash only contains the code that would run
with HAP set anyway.
Therefore, this change is of little practical consequence,
but as a friend put it to me, this change is most technically
correct.
And I'm all about technical correctness.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We only need the Kabylake version. We can safely
remove the other ones, thereby significantly
reducing the size of the lbmk release archive.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Right now, if cache/clone/PROJECT/ already exists,
the logic for pulling new changes doesn't execute,
and neither does the logic for updating remotes.
This is bad when updating revisions, because then
manual updating is required, defeating the purpose
of xbmk's own automation in this regard.
Fix it by only checking the cached download on files,
not Git repositories; the try_git function itself will
already perform this check, before updating remotes
and pulling in new commits from upstream.
The updating only happens when a given target directory
doesn't exist, e.g. src/flashprog/ or src/grub/default/,
so this won't slow down release builds for example.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, an "unknown" version number is created.
This regression was caused by the recent optimisation
that reduces the amount of extra work done by init.sh
on child instances of xbmk.
As a result of those changes, now release.sh has to
do some minor initialisation of its own, such as this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also pcsx-redux
this way, commands like "./mk -u" without argument
will not fail. these fake makefile commands do nothing.
otherwise, an error errors because their makefiles
do not define these options.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, ./mk -d (without arguments) fails for GRUB,
which first requires running autoconf to get a Makefile.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in several changes from upstream:
* 73d1c959e cryptocheck: Add --quiet option
* dbc0eb5bd disk/cryptodisk: Wipe the passphrase from memory
* 301b4ef25 disk/cryptodisk: Add the "erase secrets" function
* 23ec4535f docs: Document available crypto disks checks
* 10d778c4b commands/search: Add the diskfilter support
* 7a584fbde disk/diskfilter: Introduce the "cryptocheck" command
* ed691c0e0 commands/search: Introduce the --cryptodisk-only argument
* c448f511e kern/rescue_reader: Block the rescue mode until the CLI authentication
* 4abac0ad5 fs/xfs: Fix large extent counters incompat feature support
This commit is of particular interest:
* dbc0eb5bd disk/cryptodisk: Wipe the passphrase from memory
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit fb7aaa78bb.
it caused a few issues. will re-do later
the old code isn't really broken, just inefficient, because
several files are scanned twice, but in practise the overhead
isn't that great
The error occurs sometimes, when bruteforcing me.bin:
ERROR ./mk: Unhandled error for: mv /home/user/lbmk/tmp/me.bin /home/user/lbmk/cache/tmpdl/check
This revert should fix the issue, for now.
i'm adding characters to 7ztest, which isn't being passed
on through because everything runs in subshells; the next
pass would default back to the original string, so a given
file may be checked multiple times.
fix this by mitigation; use the random string from mktemp
as a suffix instead.
in practice, this has not affected performance much, but it
will nevertheless avoid unnecessary work by xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't skip if the URL is empty. throw an error instead.
i decree that all links must be properly initialised, because
that is the design of lbmk. where only one link is provided,
such as in a local copy operation, the second would succeed no
better than the first so two identical paths are given.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the intent once again is that this for loop shall
return, with zero status, if success is observed.
otherwise, the loop breaks and an error is thrown.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The idea in this function is that if a file or repo is
successfully handled, a return will be performed from the
loop.
If the loop exits for any reason, an error is thrown. The
current code is probably fine, but I can forsee future
modifications possibly causing bugs here.
Make it unambiguous, by always throwing an error if execution
reaches the end of the function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Because of how sh works, having just the [] line causes
sh to exit, annoyingly without an error message, but it
does cause a non-zero exit.
This bug will have already been triggering, before I added
the recent error handling on files for this for loop.
also do it to the other loop in lib.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
I never really intended for this to be configurable,
but the cache directory is also used during release
builds.
There's too much that can go wrong, letting the user
decide where their cache is. Simplify it by hardcoding.
Signed-off-by: Leah Rowe <leah@libreboot.org>
already present on a few other config files, e.g. arch
i noticed on debian-experimental that i needed to explicitly
install it, whereas it was implicitly installed on debian 12
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's just two lines, and we want much more granular
control of where the lock is enforced. it should be
JUST after confirming that the instance is a parent.
it is at this moment that we should bail if a lock
file exists, because this signals that another instance
of xbmk is running.
Signed-off-by: Leah Rowe <leah@libreboot.org>
once again, we are being stricter in child instances.
we must ensure that these variables are set by xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we no longer rely on the .git version being
read by child instances, so we MUST ensure
that it is being read.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't update them on child instances, since it's a waste
of time; the lock file prevents further execution, so we
are just wasting time writing to disk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need to read or write a file at all, in that case.
we only then need to generate one if running ./mk release.
the scenario in which no .git and no version files exist
is when someone grabs the build system from a snapshot
generated by e.g. forgejo instances. it's ill advised, so
we advise against it, but it is mitigated in code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
That way, unnecessary work is avoided on child instances.
Of course, the current check assumes that TMPDIR wasn't
already set by a wily user before running lbmk, but then
those sorts of users probably know what they're doing.
If they don't know, they will soon find out. Therefore, I
have added additional checks on child instances, preventing
the build system from running if XBMK_CACHE is not set; if
it isn't, then that could very easy lead to certain system
files being overwritten.
The user must never know what happens if XBMK_CACHE is unset.
We simply will not allow it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
all this function does now is create the python symlink,
based on work that was already performed in set_pyver
Signed-off-by: Leah Rowe <leah@libreboot.org>
Do it after the creation of xbmkpath.
This avoids performing an unnecessary check, since
PATH will have already been corrected for child
instances; Python will already be correct there.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we mkdir -p xbmklocal, only to remkdir it immediately
afterward, which is the intended behaviour; on parent
instances, xbmklocal is to be re-created fresh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this function now simply creates directories that lbmk
will use, rather than creating specific directories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we must only set this in the parent instance, not
child instances. this prevents the variable from
being over-populated with repeated entries.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, initialisation will not be performed erroneously
while another parent instance of lbmk is running.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is earlier than the current check, thus preventing
the initialisation of a git repository and/or the recreation
of xbmktmp and xbmklocal by erroneous parent executions of lbmk
while another parent is running - the latter of which could have
caused a massively unpredictable build failure, so this is also
a pre-emptive bug fix, fixing all kinds of weird bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i wasn't ok having that variable initialisation and
then the commands on the same line. it looks messy.
having the commands on a separate line makes the code nice
to read, so let's separate them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the user doesn't care where the temporary git repo is
git shows that information anyway, in the git clone command
Signed-off-by: Leah Rowe <leah@libreboot.org>
we really only need it there, because the context is
for release archives. normal use of the git repository
doesn't matter in the context of deletions, because that
will not be distributed. only the result of ./mk release
will be distributed.
the builds produced will not change as a result of this,
for people using the normal git repository, because the
files in question are never used anyway, in our configs.
this is being done to make working on local repos easier.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, ./mk -b (without argument) will fail, on release
archives. also, perhaps i should add an mkhelper to build it?
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is the mkdir call that createsn the directory where
a cached git repository is moved to, during creation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
On release archives, I overlooked the previous change to
downloads, during the recent implementation of extra safety
checks. I previously checked there whether the variable named
CONFIG_KBC1126_FIRMWARE was defined, and grabbed both; now I
check CONFIG_KBC1126_FW1 and CONFIG_KBC1126_FW2 separately,
grabbing each file separately.
This patch replicates that change for insertions. Otherwise,
hash verification on ROM images will fail, when running the
inject script on release images.
Downloading was being done, reliably, and the extracted files
were correct, so there was no danger if the user was building
from source and flashing that way.
However, checksum verification on full images failed when
inserting into archives. This is not because the files were
wrong; they were *correct*. However, the EC firmware was not
being inserted *at all* on HP EliteBooks, because of this
oversight. The check is now based on whether the paths to
the files themselves are defined, not whether EC firmware
is enabled in the coreboot config; the latter is implied.
With this patch, vendor file insertion once again works
perfectly, without error, on every board. There was no real
danger for users, just a minor inconvenience. Sorry!
Signed-off-by: Leah Rowe <leah@libreboot.org>
the exit from mkdst can also be non-zero if mv or cp
failed, but there's no way to handle that reliably.
therefore, the checksum verification should be done
one final time, to compensate.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I currently check the downloaded files e.g. .exe file, but
then I don't check - or even define - sha512sums for the
files extracted from them e.g. me.bin
This patch fixes that. It also caches the hashed files, so
that extraction is faster on a re-run - this makes release
builds go faster, when running ./mk release
If a checksum is not defined, i.e. blank, then a warning is
given, telling you to check a specific directory. This way,
when adding new vendor files, you can add it first without
specifying the checksum, e.g. me.bin checksum. Then you can
manually inspect the files that were extracted, and define it,
then test again.
In a given pkg.cfg for config/vendor, the following variables
are now available for use:
FSPM_bin_hash for fsp m module
FSPS_bin_hash for fsp s module
EC_FW1_hash for KBC1126 EC firmware (1st file)
EC_FW2_hash for KBC1126 EC firmware (2nd file)
ME_bin_hash for me.bin
MRC_bin_hash for mrc.bin (broadwell boards)
REF_bin_hash for refcode (broadwell boards)
SCH5545EC_bin_hash for sch5545 firmware (Dell Precision T1650)
TBFW_bin_hash for Lenovo ThunderBolt firmware (e.g. T480/T480s)
E6400_VGA_bin_hash for Dell E6400 Nvidia VGA ROM
In practise, most people use release archives, and the
inject script, so I knew those were reliable, because the ROM
images were hashed prior to removing files. This patch benefits
people using lbmk.git directly, without using release files,
because now they know they have a valid file e.g. me.bin
Previously, only the download was checked, not the extracted
files, which meant that the only thing preventing a brick was
the code not being buggy. Any number of bugs could pop up in
the future, so this new level of integrity will protect against
such a scenario, and provide early warning prompting bug fixes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in a few places, we use the presence of a file found
by fx_ to cause an exit, but the command that runs
looks something like:
exit 1 "string"
this yields an error, and a non-zero exit, because of
too many arguments to "exit", but we wanted a non-zero
exit anyway.
nevertheless, this is incorrect.
to fix it, eval is used instead. if the never-going-to-exist
condition one day exists where exit 1 actually returns, not,
you know, exits, we will use err instead, with the string
as argument.
this should be fine. it's a bit hacky, but so is fx_, and
it works. fx_ is used in several places to keep the sloccount
down, providing a common way to perform while loops on the
output of a command; that is its only purpose..
Signed-off-by: Leah Rowe <leah@libreboot.org>
more specifically, re-write it so that it can be called with fx_
this means that the single-tree check for nuke.list can be made
much simpler
Signed-off-by: Leah Rowe <leah@libreboot.org>
This way, we can use x_ which will then print the command
that failed, if we need to debug future errors.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I overlooked this in a previous patch. It doesn't really
matter, since we're operating on a file anyway, but it's
not correct.
Files should have rm -f on them, not rm -Rf, for deletion.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We already do what the old code does in setcfg, by
virtue of the fact that the st variable is later
checked, after loading this config conditionally,
where the st variable is otherwise blank.
We can avoid the unnecessary work after loading
the config, by returning if the config is absent.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We are calling xbmkget in the same way, whether it's
a subfile or subrepo.
Rename these variables to subcurl and subgit, so that we
can call xbmkget unconditionally.
Signed-off-by: Leah Rowe <leah@libreboot.org>
they were always re-downloading every time.
i've basically re-written most of xbmkget.
there was some erroneous conditions under which
it wrongly deleted the cached file, resulting in
it being downloaded again.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The result of the printf statement is sorted, making
it do binaries first, which results in a lot of junk
files then being present inside the source archive.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it now handles more than just git, and i forsee
it handling even more in the future, e.g. rsync,
ftp, bittorrent.
Signed-off-by: Leah Rowe <leah@libreboot.org>
And this time it works.
I'm now calling xbmkget() which in turn calls tmpclone(),
instead of me calling tmpclone() directly.
The git-pull is done on both remotes, regardless of whether
the first succeeds. This way, if I forgot to update a mirror,
downloads would probably still work.
This also fixes an issue people were having, for example where
the gnulib repository of GRUB was always being downloaded
every time.
I'm using a new directory, XBMK_CACHE/clone, instead
of XBMK_CACHE/repo (which I used before), in case people
still have the old caches from before.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't move to the real directory until the work
is done.
that way, a re-try can be done, while analysing
the old files. it is created based on the tmpdir,
under XBMK_CACHE/
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't need to call it from git.sh, because it's
only being done when building a release anyway,
and we already run rmgit when doing a release.
The function itself is only two simple fx_ calls,
so we can just do that from build_release().
Signed-off-by: Leah Rowe <leah@libreboot.org>
in cbmk, it's only used from there.
in lbmk, it's also used from vendor.sh.
however, i plan to further expand git.sh at
some point, tidying it up so that git cloning
is also done from xbmkget, with dlop=git and
git.sh would then be renamed to get.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
group the cbfs command to the extract command, since they
are related. this makes it clearer that the following
command to extract refcode is unrelated.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it was too complicated. most of the logic has been moved
to a new function, try_file()
the for loop is handled by xbmkget(), whereas each try
is now handled in try_file()
Signed-off-by: Leah Rowe <leah@libreboot.org>
split the actual bootstrapping to getvfile()
setvfile only sets the config, but then it will
call getvfile() to act on that config.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i moved out more code to vendor.sh, to reduce the
amount of lbmk-only code on inject.sh
this should reduce the number of merge conflicts
even further, when cherry picking from lbmk to cbmk.
in particular, vendor file insertion is now handled
entirely through the "setvfile" function, instead
of from inject.sh, which seems counterintuitive,
but remember that inject.sh also does MAC addresses.
therefore, the inject.sh script is now primarily for
inserting MAC addresses, and handles vendor downloads
in a slightly more convoluted way, but still easy
enough to understand if you read it a bit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, we create empty directories where build.list
doesn't exist, like on coreboot.
we already create a directory when needed, when actually
copying elf files, so let's just leave it at that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
to the extent feasible, keep lbmk-specific parts on
inject.sh to a minimum. this will later be used to
re-sync cbmk's inject.sh with lbmk's, because cbmk's
one doesn't handle vendor files.
the way this is designed now, with this patch, will
make cherry-picking lbmk to cbmk easier in the future,
when keeping this part of cbmk in sync with lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
generally go for a more linear function order, and
split up any functions.
the objective is to have functions only suitable to
libreboot be separate. more splitting will be done,
and eventually the vendor-download functions will be
split into a new file, as will several other functions.
this is being done as part of an effort to bring the
libreboot and canoeboot versions of inject.sh in sync,
so that from now on, cherry picking between the two
projects will produce fewer merge conflicts and require
a lesser amount of post-merge maintenance.
some other minor cleanup has also been done; for example,
the "need_files" variable is redundant and was removed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
many places in lbmk used err, because older versions
of x_ did not handle globbing properly.
however, use of x_ is preferable on trivial commands.
the only time err() should be called is what it has
to be, when x_ can't work, or when a more useful error
message is needed, for context.
Signed-off-by: Leah Rowe <leah@libreboot.org>
that way, the Intel GbE device can be enabled there,
and only then would the refcode file be copied.
otherwise, the current behaviour would leave buggy
refcode in place, if the dd command failed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use of the e function would slow down execution,
and it's mostly unnecessary in this case.
the e function is only needed if we want to confirm
via user message that a file exists. that is not
needed here.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current test allows a further extraction after
running mecleaner, even if me.bin was found.
further, any recursive calls that exit non-ze
don't lot the loop acthually stop, unless we
subshell that too, otherwise fx_ is returned to
return 0 when a given command it runs returns 1,
or more specifically: the for loop in x_ breaks.
this is by design, and there's not much that can
be done, but this patch should pseed up extraction
a little bit, when dealing with intel me files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
that way, with set -u -e, we aren't risking some
buggy sh implementations from causing an error exit
where it shouldn't.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The idea with mk is that it's meant to basically be a
stub for running everything else, while mainly having
the trees logic within it (what was once script/trees).
Signed-off-by: Leah Rowe <leah@libreboot.org>
similar to the last patch, we must ensure that the
inability to patch will cause a hard exit, regardless
of any redundancy we have for cloning.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We allow a re-try when cloning fails, to account
for redundancy, but resetfail currently doesn't
cause any error exit at all.
This patch mitigates that bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, if it doesn't exist, the current check will
wrongly exit with error status, preventing you from
running the build system at all!
Signed-off-by: Leah Rowe <leah@libreboot.org>
We used cbfstool from coreboot 4.13, because it was the
last version to work with the particular format used
for stage files, before the CBFS standard changed in newer
releases of cbfstool.
When I added this board to Libreboot, it was source-only at
first so it didn't matter. I didn't want to do a standalone
cbfstool binary, in case some people decided to use that one
on newer boards, which would cause all sorts of issues.
So I bodged it and just included an import of coreboot 4.13.
Well, the cbfstool from coreboot 4.11, as used for FAM15H
AMD boards, is compatible. I checked the code diff between
the two, and there is no meaningful difference.
I've tested this, and it works, since the last release or
two now includes 820 G2 images, so I was able to use those
with ./mk inject, to verify whether the refcode file is
still grabbed properly. We need the refcode to handle MRC
on Broadwell platform, but we extract it from an old Google
Chromebook image, that uses the old CBFS stage file layout.
This change solves my problem: the problem was that releases
are bloated further, due to including this extra coreboot
version. This should reduce the size of the next release
considerably, especially after decompressing the tarball.
Signed-off-by: Leah Rowe <leah@libreboot.org>
right now, we assume "find", but it adds any number of
arguments next to that.
change it instead to support any command, where the
assumption is that it would generate a list of files
and directories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i used i instead of 1, in the variable when running
the extract_archive function.
this didn't trigger since +u was set, and +e was set.
in practise, then, it seems that because of this, and
because my ME extract/insert test was a success, that
none of the archives we use actually have a ME inside
of a file inside of a given downloaded archive.
still, this is technically incorrect, so fix it!
Signed-off-by: Leah Rowe <leah@libreboot.org>
the call stack already falls through with a bunch of return
1s after a successful run of me_cleaner, so it's really not
necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Generated by find, this is a wrapper in place of using
for loops everywhere. This simplification temporarily
increases the amount of code, because we don't do this
a lot, but this will reduce the growth of the build
system code size in future changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't need the copy command at all, since the files
it copies are the only ones that the Python script does
anyway, so now we just make that script output to the
directory, directly, where these files must go.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Use fe_ with a new function, scankconfig, to do the
same thing. Not only is this simpler, it now also
operates on all coreboot configs for a given target,
whereas it previously only operated on the first one.
This is useful for cases where one config might use a
file that the other one does not; in practise, we don't
do this yet, but it's a theoretical possibility
Also: don't use the function check_defconfig, which is
now redundant and has been removed.
That function also conflicted with another function by
the same name in mk, but fortunately didn't cause an
issue in practise, due to how sh works; when vendor.sh
was used, it was without running the tree commands,
except under a separate lbmk instance.
So this is a simplification, a feature enhancement and
even a bug fix, all wrapped into one!
Signed-off-by: Leah Rowe <leah@libreboot.org>
It's completely unnecessary, and I forsee this
check breaking the build system at some point,
since some commands rely on the output of other
commands. Therefore, I've removed this check.
Signed-off-by: Leah Rowe <leah@libreboot.org>
fe_ returns an error on the find command, but we rely
on the only error ever being our intentional exit, upon
discovering files.
in singletree, the directory being checked was already
checked first, so we know it's safe not to err on find;
and find not reporting an error if no files are found is
ok.
on elfcheck, it's very much the same thing. In fact, we
very much want it to return 0 if the directory doesn't
exist, or if files don't exist within it.
Therefore, use fx_ which is designed for this use-case.
Quick re-cap: fx and fe execute a given function name with
each line outputting by find as an argument, each time. It
is somewhat similar in scope to find's -exec command.
We use fe_ as shorthand in several places all over lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't insert special files like GRUB keymaps after
copying to the final destination.
Instead, copy the tmprom to /tmp and operate on that,
in these instances.
This is less efficient, depending on the user's
configuration; if /tmp is on the same file system as
the user's xbmkpwd, it should be fine. However, the
actual performance hit isn't that bad in practise,
on most setups.
If the user's /tmp is a tmpfs, then that means using
tmpfs, but it's one image at a time. It should be OK.
Signed-off-by: Leah Rowe <leah@libreboot.org>
"not seauboot" is a valid check at present, but if
i start supporting other arguments in the future,
this code would have to change.
therefore, i change it in advance, on that theory.
this new check is more technically correct. these
lines are triggered when inserting grub keymaps.
Signed-off-by: Leah Rowe <leah@libreboot.org>
See, coreboot bug report:
https://ticket.coreboot.org/issues/590
We hadn't noticed this for quite a while, since we always
just booted with iomem=relaxed when needing to run cbmem,
since in practise it was always combined with other tasks
that require access to lower memory.
GRUB currently matches coreboot's own mmap for cbmem, but
for example SeaBIOS marks cbmem as E820 reserved. Therefore,
this change replicates the SeaBIOS behaviour.
Without this patch, Linux needs to boot with iomem=relaxed
for cbmem access, for example when running ./cbmem -1
With this patch, cbmem is now accessible regardless. This
patch also prevents Linux from overwriting parts of CBMEM.
Thanks go to Paul Menzel, who wrote this GRUB patch.
Thanks also go to Nicholas Chin, who provided testing, all
the way from Coreboot 25.03 back to Coreboot 4.20. It seems
that this is just something the payloads have to handle.
This means that both SeaBIOS and GRUB no longer have this
bug, in Libreboot; now what remains is to replicate the
test with our U-Boot payload.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Some parts of lbmk set +u +e, to be reset later on
under normal conditions upon exit. We must ensure
such level of integrity in err() as well.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Rely once again on err_, but still explicitly add an exit
just below, in case I made a mistake one day.
err() is essentially a trap that triggers in case I mess
up an error function, so that it doesn't reliably exit.
So, the idea is that everything calls err(), and err() is
almost never modified, or modified very carefully.
If error exits were ever broken, the result could be quite
unpredictable, so lbmk has very strict error handling, and
great care is taken to ensure that it does reliably exit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
make the command style more consistent, for example
relying on x_ inside a subshell to print the command
and arguments if a command failed.
this is a good style, and i'll probably use it in other
places on lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't directly call a variable. Call a function that
checks the variable instead.
The new err function also checks whether an exit was
actually done, and exits 1 if not.
If an exit was done by the given function, but the exit
was zero, this is also corrected to perform an exit 1.
This fixes a longstanding design flaw of lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Always certainly redundant, since if -u -e isn't
set, it'll continue to exit anyway.
However, we want to be pedantic about this, since
the safety of lbmk relies entirely on this function
NOT misbehaving.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it could be that some were left over before, for some
reason. that isn't currently the case, but this will
avoid the possibility in future.
therefore, this is a preemptive bug fix.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the initial checks are unnecessary, since i always know
what arguments are being provided.
the -f check in the for loop is now an -x instead, more
efficient and complete.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we know that _dest is always what's set in the coreboot config,
without the ../../../ in it, so just copy both files in a single
function, and call the function twice.
if both files are done on the first call, the second call will
be skipped. if only the first file was done on the first call,
running the download script again will skip the first one, and
grab the second one.
this also avoids having to run the decat function twice, in most
cases, so it's a tiny optimisation.
this optimisation only works if both fsp files (s and m) are to
be extracted into the same directory, which is the case anyway,
and this will always be the case.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't copy it until it has been padded properly.
Otherwise, erroneous padding would result in an error,
and who knows what would be left in vendorfiles/ ?
Signed-off-by: Leah Rowe <leah@libreboot.org>
If we're in a release work directory, TMPDIR is already
set, so the local ./tmp won't be created, which would
lead to an error.
Fix it by creating xbmklocal before checking TMPDIR.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this silences confusing error messages that the user
sees on the screen, that are actually benign, and it
will thus reduce the number of people who ask questions
on #libreboot irc
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's not a lot of code, and takes less than a second.
the previous change uses x instead of ?, but this would
cause an error if the nvmutil was already built, because
the makefile might cause a build to be skipped.
therefore, force a re-build to mitigate the error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
A user reported that '?' causes an error on zsh. See:
https://codeberg.org/libreboot/lbmk/issues/261
For example:
./mk inject libreboot-XXXXXX.tar.xz setmac ??:??:??:??:??:??
The user got:
zsh: no matches found: ??:??:??:??:??:??
The mitigation here is to double-quote, e.g.:
./mk inject libreboot-XXXXXX.tar.xz setmac "??:??:??:??:??:??"
However, a lot of people won't do that. Therefore, I will
retain the current behaviour but support x/X for randomness.
Now lbmk uses x by default, instead. I will now update the
documentation, accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
not to be confused with /tmp
we use ./tmp inside the lbmk work directory, for large files,
because /tmp might not be very big, or might be a tmpfs
Signed-off-by: Leah Rowe <leah@libreboot.org>
In the mk script, we need fx_ to not return errors on the
find command, since it's searching a bunch of directories
where some of them may not exist.
All other instances where fx_ is used, must return an error
if the directory being searched doesn't exist.
For this, fe_() is introduced, which does the same as fx_
but with this much stricter check.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We have a lot of places in lbmk where the output of find is
used, and then some function is executed on the result.
This is messy, and bloats several of these functions.
Now this is unified, into a new function: fx_
What fx_ does is execute a given function, for each result
found, with the arguments for a find command appended.
For example:
find -name ".git"
If you wanted to do: foo "$arg"
Where "arg" is a search result from find, and you wanted
to execute "foo" on each one, you would do:
fx_ foo -name ".git"
The find utility does have an -exec feature, but I've found
that it only works for executables, not functions.
fx_ does not return errors, so "foo" in this example
would have to do its own error handling.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is similar to the 9020SFF, but this board has ECC support.
However, the native raminit isn't used here, even though it is
otherwise compatible, because the native init doesn't do ECC yet.
The broadwell mrc.bin has ECC support, which is also used on the
HP EliteBook 820 G2. The MRC for broadwell can be used on haswell
boards such as the T1700.
Add both the SFF and MT variants. Since these are identical to the
9020 variants, except for slightly different PCH enabling ECC, we
can just re-use the 9020 port without issue.
We *could* add a variant to coreboot, for T1700, but there is not
really any pressing need. It is simply the 9020sff/mt with mrc.bin
Signed-off-by: Leah Rowe <leah@libreboot.org>
remove it from mkhelper files, because rom.sh doesn't
initialise any variables globally, except one that
never changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Do it just after creating the src archive. This way,
everything is downloaded all at once.
Otherwise, a momentary lapse of internet uptime will
cause a release build to fail later on, and one of
lbmk's flaws is that this would then mean you must
re-build from scratch.
If we assume that the internet is working within a
short period of time, then this change would mitigate
that possibility. If something did happen during tar
archive creation, that's a much shorter amount of time
that is "wasted".
Signed-off-by: Leah Rowe <leah@libreboot.org>
these functions make more sense in lib.sh
i made mk link lib.sh first, so that the
functions on init.sh can still use them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I fixed the AHCI bug, with a patch that I wrote. It works by
restoring the old SeaBIOS AHCI initialisation behaviour, whereby
the AHCI controller is enabled from its current state; the patch
that broke AHCI in coreboot (tested on ThinkPad T420), changed
AHCI initialisation behaviour so that the controller's state is
first reset, prior to enablement.
However, my patch also retains the new AHCI initialisation
behaviour, when a CSM is in use. The AHCI reset patch was done,
by the author, specifically for SeaBIOS in CSM mode, so it makes
sense to only change the behaviour conditionally according to that.
This reverts commit 8245f0b321.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit a08b8d94fc.
From #libreboot IRC today:
07:02 <irys> ooh this is fun. seabios commit 8863cbbd15a73b03153553c562f5b1fb939ad4d7 (ahci: add controller reset) breaks ahci entirely on t420
07:05 <irys> cbmem console on that seabios commit has a timeout then "AHCI/0: device not ready"
07:07 <irys> AHCI works fine if i change config/seabios/default/target.cfg to use the immediate previous seabios commit (df9dd418b3b0e586cb208125094620fc7f90f23d)
07:07 <irys> works in grub payload either way though
07:31 <irys> here, `cbmem -c` after booting the broken rev: https://0x0.st/84oQ.log
07:31 <irys> compared to the working one https://0x0.st/84o1.log
07:33 <irys> i can't report to upstream myself *right now* but i figure you might want to know about this leah
I have downloaded those logs locally for reference, so that an upstream
report can be made to SeaBIOS. For the purposes of this Libreboot commit,
the diff of the logs is as follows (diff -u broken.log working.log):
Taking each diff line out of the log, the relevant entries
seem to be:
Searching bootorder for: /pci@i0cf8/*@1f,2/drive@0/disk@0
+AHCI/0: Set transfer mode to UDMA-6
+Searching bios-geometry for: /pci@i0cf8/*@1f,2/drive@0/disk@0
+AHCI/0: registering: "AHCI/0: Netac SSD 128GB ATA-11 Hard-Disk (119 GiBytes)"
-WARNING - Timeout at ahci_port_setup:477!
-AHCI/0: device not ready (tf 0x80)
-All threads complete.
-2. Payload [memtest]
+2. AHCI/0: Netac SSD 128GB ATA-11 Hard-Disk (119 GiBytes)
+3. Payload [memtest]
-Space available for UMB: c7000-eb800, f5880-f5ff0
-Returned 16777216 bytes of ZoneHigh
+drive 0x000f5fa0: PCHS=16383/16/63 translation=lba LCHS=1024/255/63 s=250069680
+Space available for UMB: c7000-eb800, f5880-f5fa0
+Returned 16773120 bytes of ZoneHigh
Therefore, the revision will be reverted back for now. It was
only about 8 additional patches imported in the update anyway.
src/rp2_common/boot_stage2/boot2_w25x10cl.S:142: Error: junk at end of line, first unrecognized character is `0'
src/rp2_common/boot_stage2/boot2_w25x10cl.S:145: Error: garbage following instruction -- `beq 00b'
This should also fix it on Debian sid Experimental, where I'm testing
with GCC 15 and other bleeding edge dependencies.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i forgot to in the last commit, but it didn't matter because
it just meant that coreboot.git's own download logic kicked
in as a fallback. however, it's better to rely on libreboot's
build system for this, since it has redundancy.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this fixed kgpe-d16 build errors on gcc 15 when tested
on debian sid (with gcc-15 installed from experimental)
Signed-off-by: Leah Rowe <leah@libreboot.org>
Many users report bugs, so I'm reverting lbmk back to only
supporting the rp2040 dongles for the time being. The
documentation will be updated to reflect this.
Pico2 support will be re-added at a later date, once more
testing has been done, and fixes made if necessary.
This brings in the following improvements from upstream:
* 9029a010 kconfig: fix the check-lxdialog.sh to work with gcc 14+
* 8863cbbd ahci: add controller reset
* df9dd418 update pci_pad_mem64 handling
* a4fc1845 add romfile_loadbool()
* a2725e28 drop acpi tables and hex includes
* 35aa9a72 drop obsolete acpi table code
* 1b598a1d usb-hid: Support multiple USB HID devices by storing them in a linked list
Signed-off-by: Leah Rowe <leah@libreboot.org>
the fix in the previous revision wasn't being applied
properly, because the build system of gmp generates
a conftest.c file, and the entry being made for it was
actually coming from this place in the configure file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
gcc 15 defaults to -std=c23, but the older gcc was
using -std=c17. The new c23 breaks GMP, so let's add
a patch from upstream (GMP project) to fix it.
this has been done to both coreboot trees.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Building the fam15h tree results in one of the same nonstring errors
we also had when building the default tree. Copy the relevant patch from
the default tree, while dropping a hunk that we don't need in this old
version.
Another build error is about bool being a reserved keyword now:
.../lbmk/src/coreboot/fam15h/util/romcc/romcc.c:7140:13: error: 'bool' cannot be used here
7140 | static void bool(struct compile_state *state, struct triple *def)
| ^~~~
.../lbmk/src/coreboot/fam15h/util/romcc/romcc.c:7140:13: note: 'bool' is a keyword with '-std=c23' onwards
.../lbmk/src/coreboot/fam15h/util/romcc/romcc.c:7140:18: error: expected identifier or '(' before 'struct'
7140 | static void bool(struct compile_state *state, struct triple *def)
| ^~~~~~
.../lbmk/src/coreboot/fam15h/util/romcc/romcc.c: In function 'mkcond_expr':
.../lbmk/src/coreboot/fam15h/util/romcc/romcc.c:7708:19: error: expected ')' before ',' token
7708 | bool(state, test);
| ^
| )
[...]
Fix that by adding a patch that renames the function to bool_().
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Building coreboot host tools with GCC 15 results in build errors:
In file included from .../lbmk/src/coreboot/default/util/cbfstool/console/console.h:7,
from .../lbmk/src/coreboot/default/src/commonlib/fsp_relocate.c:3:
.../lbmk/src/coreboot/default/src/commonlib/include/commonlib/loglevel.h:170:26: error: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (6 chars into 5 available) [-Werror=unterminated-string-initialization]
170 | [BIOS_EMERG] = "EMERG",
| ^~~~~~~
.../lbmk/src/coreboot/default/src/commonlib/include/commonlib/loglevel.h:171:26: error: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (6 chars into 5 available) [-Werror=unterminated-string-initialization]
171 | [BIOS_ALERT] = "ALERT",
| ^~~~~~~
[...]
../cbfstool/common.c: In function 'bintohex':
../cbfstool/common.c:195:43: error: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (17 chars into 16 available) [-Werror=unterminated-string-initialization]
195 | static const char translate[16] = "0123456789abcdef";
| ^~~~~~~~~~~~~~~~~~
Add a patch that marks the latter with the "nonstring" attribute, and
disable the warning for the former because I couldn't figure out how to
add that attribute there.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The Debian package for libusb is "libusb-1.0-0". Fix the typo in the
list which is missing the suffix. While we're here, also fix a line
continuation.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
One of our SeaBIOS patches causes build errors with GCC 15:
src/romfile.c: In function 'romfile_loadfile_g':
src/romfile.c:65:18: error: too many arguments to function 'malloc_fn'; expected 0, have 1
65 | char *data = malloc_fn(filesize+add_len);
| ^~~~~~~~~ ~~~~~~~~~~~~~~~~
src/romfile.c: In function 'romfile_loadfile':
src/romfile.c:88:50: error: passing argument 3 of 'romfile_loadfile_g' from incompatible pointer type [-Wincompatible-pointer-types]
88 | char *data = romfile_loadfile_g(name, psize, &malloc_tmphigh, 1);
| ^~~~~~~~~~~~~~~
| |
| void * (*)(u32) {aka void * (*)(unsigned int)}
src/romfile.c:55:28: note: expected 'void * (*)(void)' but argument is of type 'void * (*)(u32)' {aka 'void * (*)(unsigned int)'}
55 | void *(*malloc_fn)(), int add_len)
| ~~~~~~~~^~~~~~~~~~~~
In file included from src/romfile.c:8:
src/malloc.h:42:21: note: 'malloc_tmphigh' declared here
42 | static inline void *malloc_tmphigh(u32 size) {
| ^~~~~~~~~~~~~~
make: *** [Makefile:142: out/src/romfile.o] Error 1
make: *** Waiting for unfinished jobs....
src/optionroms.c: In function 'vgarom_setup':
src/optionroms.c:468:60: error: passing argument 3 of 'romfile_loadfile_g' from incompatible pointer type [-Wincompatible-pointer-types]
468 | void *mxm_sis = romfile_loadfile_g("mxm-30-sis", NULL, &malloc_low, 0);
| ^~~~~~~~~~~
| |
| void * (*)(u32) {aka void * (*)(unsigned int)}
In file included from src/optionroms.c:18:
src/romfile.h:17:34: note: expected 'void * (*)(void)' but argument is of type 'void * (*)(u32)' {aka 'void * (*)(unsigned int)'}
17 | void *(*malloc_fn)(), int add_len);
| ~~~~~~~~^~~~~~~~~~~~
In file included from src/optionroms.c:16:
src/malloc.h:30:21: note: 'malloc_low' declared here
30 | static inline void *malloc_low(u32 size) {
| ^~~~~~~~~~
make: *** [Makefile:141: out/src/optionroms.o] Error 1
make: Leaving directory '/tmp/lbmk/src/seabios/default'
This is because the function pointer defined as `void *(*malloc_fn)()`
refers to a function that takes no arguments, unlike `malloc_tmphigh`
which takes an unsigned int. Add the missing argument type.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Recently, gru boards were migrated to use common stack addresses with
U-Boot commit 5e7cd8a11995 ("rockchip: Use common bss and stack
addresses on RK3399") and commit 49f8131e5594 ("rockchip: rk3399-gru:
Use TPL with common bss and stack addresses"). This is done with the
ROCKCHIP_COMMON_STACK_ADDR config.
With POSITION_INDEPENDENT, INIT_SP_RELATIVE defaults to enabled as well.
However, ROCKCHIP_COMMON_STACK_ADDR selects HAS_CUSTOM_SYS_INIT_SP_ADDR,
which depends on INIT_SP_RELATIVE being disabled. So this results in a
configuration warning:
WARNING: unmet direct dependencies detected for HAS_CUSTOM_SYS_INIT_SP_ADDR
Depends on [n]: ARM [=y] && ARCH_KIRKWOOD [=n] || ARC [=n] || ARM [=y] && !INIT_SP_RELATIVE [=y] || MIPS [=n] || PPC [=n] || RISCV [=n]
Selected by [y]:
- ROCKCHIP_COMMON_STACK_ADDR [=y] && ARM [=y] && ARCH_ROCKCHIP [=y] && SPL_SHARES_INIT_SP_ADDR [=y]
I'm not sure if adhering to the Rockchip values means we can't be
position-independent. Disabling INIT_SP_RELATIVE still appears to keep
my kevin board working, so let's do that for now.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Apply our preserved changes to the new U-Boot defconfigs. Upstream
rearranged memory layouts for Rockchip boards to a unified layout, which
got rid of CUSTOM_SYS_INIT_SP_ADDR and HAS_CUSTOM_SYS_INIT_SP_ADDR, and
will need a change to a related INIT_SP_RELATIVE later.
Normalize the positions of each line in the config by regenerating the
defconfig by `./mk -l u-boot` and then `./mk -s u-boot`, so that the
diff looks all green when we actually expand it to the full config.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Set the U-Boot revision to the commit hash for v2025.04, and rebase the
patches for the default U-Boot tree to accommodate for upstream changes:
- The SPL/TPL/VPL phases are being unified under the xPL name, so
there's a config rename.
- Some test macros were renamed, for the video-related patches.
- Add some missing hunks for video damage series.
- Upstream Makefile adds another argument to the binman call.
- The SWIG related patch is merged upstream, drop it.
I'm not sure if src/u-boot/* directories are regenerated on new builds,
so it may be necessary to remove them manually after applying this.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Run diffconfig from Linux to track our modifications to the old upstream
defconfigs, so we can apply them to the new ones. Restore the original
defconfigs to highlight our changes here, and upstream changes in the
next commit. Done manually, but something like:
do_diff() {
ours="$1"
theirs="$2"
tree="$3"
diffconfig \
src/u-boot/${tree}/configs/${theirs}_defconfig \
config/u-boot/${ours}/config/default \
>config/u-boot/${ours}/config/diffconfig
cp src/u-boot/${tree}/configs/${theirs}_defconfig \
config/u-boot/${ours}/config/default
}
do_diff amd64coreboot coreboot64 x86_64
do_diff i386coreboot coreboot x86
do_diff gru_bob chromebook_bob default
do_diff gru_kevin chromebook_kevin default
do_diff qemu_arm64_12mb qemu_arm64 default
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Run `./mk -s u-boot` to convert our configs into defconfigs, so we can
keep our changes to the old upstream defconfigs and re-apply them to the
new upstream defconfigs.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
it's not necessary, and was the cause of a recent issue,
which i mitigated, but why mitigate it?
prevent bugs. don't use eval unless absolutely necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
see:
commit f0c629dcc6
Author: Leah Rowe <leah@libreboot.org>
Date: Sat Apr 12 13:51:49 2025 +0100
lib.sh: write version/versiondate to dotfiles
and this bug report:
https://codeberg.org/libreboot/lbmk/issues/284
The report indicates that the above commit broke bash,
when sh (on the user's system) is bash.
I know sometimes when using bash, I need to use the
back slash when dealing with dots, e.g. when grepping
something.
Also double quote references to dotfiles, e.g. when
directing the output of printf.
I never noticed the issue myself, since I use dash.
Signed-off-by: Leah Rowe <leah@libreboot.org>
If the mode string is empty, then it's a build command.
See commit:
commit b1ea416575
Author: Leah Rowe <leah@libreboot.org>
Date: Wed Apr 23 03:54:08 2025 +0100
mk: remove mkhelp() and use x_() instead
This commit removed the following check:
If mode isn't set, run an mkhelper, otherwise don't.
Because this simplification removed that behaviour,
running e.g. "./mk -m coreboot x200_8mb" would result
in the mkcorebootbin function being executed, which is
normally putting the coreboot rom together.
Since it wasn't built in this case, an error is thrown.
This change therefore restores the previous behaviour,
fixing the bug.
First reported in this error report:
https://codeberg.org/libreboot/lbmk/issues/306
This commit fixes the issue.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the command -v check has been removed, since this function
already calls git immediately, which would accomplish the
same thing since that causes an error if git isn't there.
Signed-off-by: Leah Rowe <leah@libreboot.org>
setvars is always invoked with eval, so make the error
condition a message for eval, to ensure that it is reliably
handled, in case of error condition.
Signed-off-by: Leah Rowe <leah@libreboot.org>
one function, for one task. skeleton functions for
performing multiple tasks. that is the basic coding
style guideline for lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
On initialisation of the child instance, ./mk is
executed, but an error from it won't reveal what
command was actually executed.
This change makes that the case, since x_ does
print the command that caused an error.
This is useful for debugging. However, we don't
want x_ to cause a real exit, because we still
need to handle the lock file from the parent
instance.
Therefore, the first child instance is executed
inside a subshell, and xbmk_rval is set if that
subshell returns non-zero.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This fixes a problem, in that CMake 4.0 dropped compatibility
with CMake version 3.5; UEFIExtract/CMakeLists.txt had the line:
CMAKE_MINIMUM_REQUIRED(VERSION 3.1.0 FATAL_ERROR)
This is lower than 3.5.
The new version has this:
CMAKE_MINIMUM_REQUIRED(VERSION 3.22)
Which is higher than 3.5, in terms of version number.
This brings in the following upstream changes:
* a072527 Convert other uses of 0xABCD back to ABCDh
* a19aead Revert "Update hexadecimal numbers output format from ABCDh to 0xABCD" due to breaking downstream tools
* 7752279 Improve region access settings info for Intel v2 descriptor
* 6f6debb Add volume header info on NumBlocks and Length used to calcualte alternative size of it
* f64ba09 Minor fix for embedded QHexView on Windows
* 2b23bbd Implement Apple developer signing for macOS builds
* 9cc9518 Update hexadecimal numbers output format from ABCDh to 0xABCD
* 73d07cd Add Kaitai-based parser for Dell DVAR store
* c8b7151 Fix minor bug while presenting the EOF elemement of AppleSysF store
* 892111a Add new fields into Intel Microcode header
* 7cea8ee Remove outdated definition of FLASH_PARAMETERS
* c38ed92 Add missing header comments to goto*dialog.h
* 22bb757 Remove PATH_MAX from realpath
* d61d759 Make sure to wrap all uses of kaitai::kstream into try-catch blocks
* 7ef3719 Add initial support for Insyde H2O FlashDeviceMap rev4
* 97a85f9 Add Microsoft LZMA section GUID
* a077743 Bump version numbers
* 07742a5 Update GUID database
* a12be6b Address review comments
* 9719b0c Update copyright and authors in About UEFITool window
* fbf6afd Expand Type column of the report to fit new FlashDeviceMap store and entry types
* 3cb5dc0 Add SLIC pubkey and marker parsers
* fd0faea Add Phoenix CMDB parser
* 01e2e08 Add FFS volume parser for non-AMI NVRAM areas
* 4e2a8f6 Add Intel uCode parser
* 58366f4 Add Insyde Flash Device Map parser
* b98edf6 Add Phoenix EVSA parser
* f989fdf Add Phoenix FlashMap parser
* 4e600eb Add Apple SysF/Diag parser
* 2d6eaa9 Add EDK2 FTW parser
* ca7d4ca Add Insyde FDC parser
* 34904bd Add KaitaiStruct parsing of Phoenix VSS2
* 489b85f Rewrite VSS and VSS2 NVRAM variable parsers in KaitaiStruct
* 2661b8f Remove manual NVRAM parsing, add EDK2 VSS parser written in KaitaiStruct
* d91115f Also sign UEFIFind and UEFIExtract for macOS
* 0fae05c Add adhoc signature to UEFITool on macOS
* 5e6a1c7 Fix CFBundleIdentifier in UEFITool Info.plist
* 8d7e01c Make sure to initialize counterUncData
* b1ad055 Bump version numbers
* 7dd9014 Update GUID database
* 4e3fa58 Update QHexView, build it as a library for Qt6 builds
* 369f101 Enable building ffsparser_fuzzer during CI/CD, improve readUnaligned to silence Clang UBSAN
* ff42cec UEFIExtract: add support for extracting uncompressedData for tree items that have it
* c94f78a Add missing common/LZMA/SDK/C/7zWindows.h
* b5756f9 Revert old patch from common/LZMA/SDK/C/CpuArch.c
* 65fb4a8 Update LZMA SDK to 24.09
* e66bc7d Apply a small patch to common/zlib/gzguts.h to fix a build issue in macOS
* dcf21fa Update built-in zlib to 1.3.1
* 0af36bd Fix an issue with kaitai_regenerate.sh creating backup files on modern macOS
* fd76e89 Update README.md
* 427d8ec Update README.md
* a824260 Add MX77L12850F
* a777f1f Update main.yml
* 5f23377 Update main.yml
* 932120c Use x64 macos-13 runner for FreeBSD in main.yml
* a8c008c Update macos-12 to macos-latest in main.yml
* 6b853f8 Fix SonarCube Scan action version
* 66565a5 Try using new SonarCube scan action
* 371448d Enable long file paths for UEFIFind
* b0cd7fe Update upload-artifacts action to v4
* 4b868bb Remove CodeQL and PVS-Studio from main.yml
* 214b356 Add AMIC A25LQ64 to internal JEDEC ID database
* 0030ea9 Fix findPattern logic when pattern is at the end of the data
* 3441255 fix: add qt version limit to setDesktopFileName
* 941ee6c Set desktop file name to fix the missing icon when running under Wayland
* c550853 Defined ACCESSPERMS for musl
* bf93a5e Bump version numbers
* d03a8f2 Fixing FreeBSD action
* 0a88da1 Update guids.csv
* 6f9a4c0 Fix off-by-one error in parsing IFWI partition table
* e0b1e02 Update main.yml
* 161c697 Update main.yml
* 573452e Update main.yml
* 166c797 add Micron XM25RH128C
* 0e11189 fix a few misspellings
* daf5851 Update README.md
* 1cba371 Update guids.csv
* 4992474 Fix CPD Extension offset (reverts 29915ca)
* 29915ca Fix CPD Manifest's partition offset
The ACCESSPERMS patch has been removed, because upstream
already dealt with this. Libreboot had made the same fix
independently, without realising that upstream also did.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this matches cbmk, where inject.sh is the file name
this will make future cherry-picks of lbmk->cbmk easier
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is in prep for the next change, where non-init
functions will be moved to another file, again named
include/lib.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
a lot of init code was handled outside of any function. the
coding style used in the rest of the build system has now
been introduced, with xbmk_init being the main function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this was used alongside the xgcc linking, so that coreboot
trees could specify that another tree was to be downloaded.
since this variable will no longer be used, it should be
removed, to avoid dead code bloat.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the "xtree" variable is used by projects such as u-boot,
to export a CROSS_COMPILE variable specifying prefix for
gnu compilers, and for building the named coreboot tree.
for example, xtree can be "default", which is then the
coreboot tree downloaded, for use of crossgcc.
however, it is also used to symlink identical versions
of crossgcc between coreboot trees. this latter feature
was only needed for fam15h boards which were previously
split between two mostly identical coreboot trees, that
were later merged into a single tree, and this feature
is therefore no longer used.
remove this dead code, to reduce bloat in the build system.
Signed-off-by: Leah Rowe <leah@libreboot.org>
In the previous revision, I make hardcoded use of
/usr/local/bin and /usr/bin as search locations, instead
of relying on PATH, when the user has a python venv, because
in those cases, we cannot rely on PATH so we use a python
command to detect the venv and then force use of the
normal system path for python.
However, there's no guarantee that the real Python will
indeed live at these locations. For example, some distros
like Nix or Guix will use many locations for different
versions of a given package, and it's for the birds as to
what given package version the user might be running.
Therefore, this patch retains that current hardcoded
assumption of /usr/local/bin and /usr/bin but *only* as
a fallback solution, instead checking realpath first.
The "realpath" command isn't technically POSIX standard,
but in practise it is available on GNU coreutils, Busybox,
and the various BSD userlands.
I could perhaps *import* a realpath utility, and use that,
but this should be fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
If the user has a virtual environment, the current logic
will cause lbmk to hang. A useful workaround is to force
use of the direct path to the system binary of python.
This works by detecting a virtual environment first, and
deferring to the old behaviour if no venv is found. If one
is found, then it will not rely on PATH, but instead only
search the standard locations /usr/local/bin and /usr/bin.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This prevents a build error, as the variable is no longer
used at all by coreboot (EHCI mapping is used as reference
instead).
Signed-off-by: Leah Rowe <leah@libreboot.org>
Also: hp8300cmt_16mb did not specify a data.vbt path, even
though it is indeed available in the coreboot tree. This
has been corrected.
The previous lack of VBT on hp8300cmt_16mb wasn't really a
big problem, since coreboot handles initialisation anyway,
and it's basically optional on Linux. Coreboot doesn't parse
VBT at all.
This patch should fix build errors, that were caused on the
recent revision update, where several of the HP desktops
have now been turned into variants.
Signed-off-by: Leah Rowe <leah@libreboot.org>
alper made a fix to this file a few hours ago, but
forgot to update the copyright header
i'm doing it for alper, as a courtesy
Signed-off-by: Leah Rowe <leah@libreboot.org>
this board became a variant, in the new coreboot revision that
lbmk recently updated to. fix the data.vbt path to prevent error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is a file containing one byte, of value zero
i meant to add it in previous commits, for the resizing
and shrinking of tarballs when inserting or deleting
vendor files
used by include/vendor.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
Properly set $pyver to "3" when we detect we can use python3. In the
following version checks, use the $python we detected instead of a
'python' from PATH because the latter might be a python2 while still
co-existing with a python3.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
I also cherry-picked a patch from Heads, that fixes build
issues caused by the hacks in the T480 port; several changes
made by Mate are now ifdef'd based on whether a KabyLake
ThinkPad is specified in defconfig.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is currently the latest revision of coreboot.
Other coreboot trees to follow. The "next" tree will
also be merged with coreboot/default, in a follow-up
commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
A number of regressions were caused by the recent CVE fixes,
many of which have since been fixed upstream. This includes
several ext4 file system bugs, which caused some systems not
to boot properly, when dealing with very large initramfs files.
No additional patching has been made. This will be tested, and
then used to provide a revision update for Libreboot 20241206.
After this, there are several additional OOT patches that will
be merged, for the next *testing release* of Libreboot.
Update to this revision, for all GRUB trees:
a4da71dafeea519b034beb159dfe80c486c2107c
This brings in the following changes from upstream:
* a4da71daf util/grub-install: Include raid5rec module for RAID 4 as well
* 223fcf808 loader/ia64/efi/linux: Reset grub_errno on failure to allocate
* 6504a8d4b lib/datetime: Specify license in emu module
* 8fef533cf configure: Add -mno-relax on riscv*
* 1fe094855 docs: Document the long options of tpm2_key_protect_init
* 6252eb97c INSTALL: Document the packages needed for TPM2 key protector tests
* 9d4b382aa docs: Update NV index mode of TPM2 key protector
* 2043b6899 tests/tpm2_key_protector_test: Add more NV index mode tests
* 9f66a4719 tests/tpm2_key_protector_test: Reset "ret" on fail
* b7d89e667 tests/tpm2_key_protector_test: Simplify the NV index mode test
* 5934bf51c util/grub-protect: Support NV index mode
* cd9cb944d tpm2_key_protector: Support NV index handles
* fa69deac5 tpm2_key_protector: Unseal key from a buffer
* 75c480885 tss2: Add TPM 2.0 NV index commands
* 041164d00 tss2: Fix the missing authCommand
* 46c9f3a8d tpm2_key_protector: Add tpm2_dump_pcr command
* 617dab9e4 tpm2_key_protector: Dump PCRs on policy fail
* 204a6ddfb loader/i386/linux: Update linux_kernel_params to match upstream
* 6b64f297e loader/xnu: Fix memory leak
* f94d257e8 fs/btrfs: Fix memory leaks
* 81146fb62 loader/i386/linux: Fix resource leak
* 1d0059447 lib/reloacator: Fix memory leaks
* f3f1fcecd disk/ldm: Fix memory leaks
* aae2ea619 fs/ntfs: Fix NULL pointer dereference and possible infinite loop
* 3b25e494d net/drivers/ieee1275/ofnet: Add missing grub_malloc()
* fee6081ec kern/ieee1275/init: Increase MIN_RMA size for CAS negotiation on PowerPC machines
* b66c6f918 fs/zfs: Fix a number of memory leaks in ZFS code
* 1d59f39b5 tests/util/grub-shell: Remove the work directory on successful run and debug is not on
* e0116f3bd tests/grub_cmd_cryptomount: Remove temporary directories if successful and debug is not on
* e6e2b73db tests/grub_cmd_cryptomount: Default TMPDIR to /tmp
* 32b02bb92 tests/grub_cmd_cryptomount: Cleanup the cryptsetup script unless debug is enabled
* c188ca5d5 tests: Cleanup generated files on expected failure in grub_cmd_cryptomount
* 50320c093 tests/util/grub-shell-luks-tester: Add missing line to create RET variable in cleanup
* bb6d3199b tests/util/grub-shell-luks-tester: Find cryptodisk by UUID
* 3fd163e45 tests/util/grub-shell: Default qemuopts to envvar $GRUB_QEMU_OPTS
* ff7f55307 disk/lvm: Add informational messages in error cases of ignored features
* a16b4304a disk/lvm: Add support for cachevol LV
* 9a37d6114 disk/lvm: Add support for integrity LV
* 6c14b87d6 lvm: Match all LVM segments before validation
* d34b9120e disk/lvm: Remove unused cache_pool
* 90848a1f7 disk/lvm: Make cache_lv more generic as ignored_feature_lv
* 488ac8bda commands/ls: Add directory header for dir args
* 096bf59e4 commands/ls: Print full paths for file args
* 90288fc48 commands/ls: Output path for single file arguments given with path
* 6337d84af commands/ls: Show modification time for file paths
* cbfb031b1 commands/ls: Merge print_files_long() and print_files() into print_file()
* 112d2069c commands/ls: Return proper GRUB_ERR_* for functions returning type grub_err_t
* da9740cd5 commands/acpi: Use options enum to index command options
* 1acf11fe4 docs: Capture additional commands restricted by lockdown
* 6a168afd3 docs: Document restricted filesystems in lockdown
* be0ae9583 loader/i386/bsd: Fix type passed for the kernel
* ee27f07a6 kern/partition: Unbreak support for nested partitions
* cb639acea lib/tss2/tss2_structs.h: Fix clang build - remove duplicate typedef
* 696e35b7f include/grub/mm.h: Remove duplicate inclusion of grub/err.h
* 187338f1a script/execute: Don't let trailing blank lines determine the return code
* ff173a1c0 gitignore: Ignore generated files from libtasn
* fbcc38891 util/grub.d/30_os-prober.in: Conditionally show or hide chain and efi menu entries
* 56ccc5ed5 util/grub.d/30_os-prober.in: Fix GRUB_OS_PROBER_SKIP_LIST for non-EFI
* 01f064064 docs: Do not reference non-existent --dumb option
* 3f440b5a5 docs: Replace @lbracechar{} and @rbracechar{} with @{ and @}
* f20988738 fs/xfs: Fix grub_xfs_iterate_dir() return value in case of failure
* 1ed2628b5 fs/xfs: Add new superblock features added in Linux 6.12/6.13
* 348cd416a fs/ext2: Rework out-of-bounds read for inline and external extents
* c730eddd2 disk/ahci: Remove conditional operator for endtime
* f0a08324d term/ns8250-spcr: Return if redirection is disabled
* 7161e2437 commands/file: Fix NULL dereference in the knetbsd tests
* 11b9c2dd0 gdb_helper: Typo hueristic
* 224aefd05 kern/efi/mm: Reset grub_mm_add_region_fn after ExitBootServices() call
* 531750f7b i386/tsc: The GRUB menu gets stuck due to unserialized rdtsc
* f2a1f66e7 kern/i386/tsc_pmtimer: The GRUB menu gets stuck due to failed calibration
* 13f005ed8 loader/i386/linux: Fix cleanup if kernel doesn't support 64-bit addressing
Signed-off-by: Leah Rowe <leah@libreboot.org>
initialising variables, setting PWD, setting version,
this is all unnecessary before the root check, because
the dependencies commands use none of these.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk creates TMPDIR as /tmp/xbmk_*, but it's theoretically
possible that something could re-export it by mistake.
this change retains the same initialisation, but further
use is now via a new variable "xbmktmp", that stores the
value of TMPDIR upon lbmk's initialisation of it.
this reduces the chance of such a bug in the future, as
described above, so it is a preemptive/preventative fix.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the next part checks whether the file is below 512k,
so there's no point checking if it's below 2, because
the lowest a file size can be is zero, and expr will
produce a result of -1 if decrementing from zero.
Signed-off-by: Leah Rowe <leah@libreboot.org>
merge it with git_prep, since it's only a small
function and only called from there. the merged
code still makes sense and its purpose is still
quite clear on casual reading.
Signed-off-by: Leah Rowe <leah@libreboot.org>
merge it with git_prep, since it's only a tiny
function and only called from there. the for
loop moved to the if block still makes sense
on casual reading.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the "u" argument can actually be any thing. git_prep
handles git submodules only for single-tree projects,
under any candition, or on multi-tree projects if
the number of arguments to git_prep is above four.
"u" is the 5th argument, meant to enable submodule
downloads. it really doesn't matter what this string
says, so let's just make it as clear as possible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the combination of x_ with the "e" function enables
for much simpler file-check error handling, which is
a unique innovation of lbmk as it pertains to sh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the cbfs function will call cbfstool, which will perform
the same check, and the same error condition would cause
the same exit behaviour in lbmk. the error message would
also provide output that is just as useful for debugging.
Signed-off-by: Leah Rowe <leah@libreboot.org>
There was no error handling, *at all*, on the actual tar
command, due to the lack of set -o pipefail, which we cannot
rely on in sh.
The x_ wrapper can be used in this case, as a mitigation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it wouldn't exit with error status anyway, since i'm
setting +e here, but if that accidentally changed in
the future, i still wouldn't want this to exit.
the bruteforce me extraction naturally throws a lot of
errors, hence +e, because of how the extraction works,
but the result is checked at the end of the process,
to compensate. hence +e, because otherwise this brute
force extraction would never work.
therefore, this is an extremely theoretical bug fix, the
most quintessential of preemptive bug fixes, to the point
that it is actually rather pedantic.
The ":" in "|| :" will likely *never* be executed, but it
handles the theoretical case where the subshell exits with
non-zero status and +e is set; subshells aren't meant to
behave this way anyway, but who knows what cursed sh
implementation the user is on?
Signed-off-by: Leah Rowe <leah@libreboot.org>
We can't do set -o pipefail in POSIX sh, which we're using,
but the build system has x_ which wraps around a command
and executes it, exiting with non-zero status if it does.
This fact enables lbmk to have functionality that is actually
superior to pipefail, since you can more easily control
specifically which parts error.
For example:
foo | bar | foo2 | bar2 | $err "error"
ERROR exits with non-zero status, but foo2, bar and foo
would not exit on error, only bar2 would. In *bash*, which
we avoid, set -o pipefail would make all of them exit on
error, but what if you wanted "bar" to not exit?
With lbmk, you could do, in the above example, and with the
above question asked ("what if you wanted bar not to exit"):
x_ foo | bar | x_ foo2 | bar2 > file | $err "error"
of course, you could also do, if not outputting to "file":
x_ foo | bar | x_ foo2 | x_ bar2
NOTE: in lbmk, $err is a variable containing the name of
a function that does something (whatever you want) and
then exits with non-zero status.
This entire explanation is beyond the scope of simply
providing (and explaining) this fix, but I also wanted to
use this commit as an example of the power of lbmk with
regards to POSIX shell scripting.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in these if clauses, what follows afterward is exactly
the same: set xchanged and return.
Therefore, these lines are redundant and they can be
removed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This change finally ensures that no insertions will be
attempted, on the basis that readkconfig failed; this
covers the instance whereby vcfg was set, but no scanned
items were indicated e.g. Intel ME files not specified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This should speed up automated tests. Otherwise, it goes
through all the extra checks that aren't needed, for each
individual type of vendor file, and also errors out when
handling pico serprog images; during automated testing,
on the bin directory, you might try on every tarball, one
of which is the pico tarball and this patch makes lbmk skip
that one too.
In general, we must not perform unnecessary tasks. Doing so
may even cause other bugs that we couldn't easily detect.
Signed-off-by: Leah Rowe <leah@libreboot.org>
x_ cannot be used, where output is redirectod to a file;
only the conventional piping can be used.
same as the last change. this and the other fix were caught
during testing.
Signed-off-by: Leah Rowe <leah@libreboot.org>
x_ cannot be used, where output is redirected to a file;
only the convention piping can be used, for errors.
relying on x_ in these cases will cause unpredictable bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i can't call $err (variable), because it's set
to fail_inject. fix this infinite loop, which
was an oversight in the previous commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I was using a complicated method of knowing whether
the current instance was parent or a child, to know
whether the lock file and TMPDIR needed to be purged.
It was quite error-prone too. Instead, I'm now handling
it directly from within the if statement that previously
initialised xbmk_parent=y, forking ./mk from there.
The forked instance would not trigger that if clause
again, since then TMPDIR is created, thus avoiding
recursion.
This is an improvement because it doesn't rely on how
the parent handles exit statuses, and it ensures that
the lock/tmp files are never accidentally deleted.
Even if a given program/script that lbmk runs would
export TMPDIR, it doesn't matter because lbmk doesn't,
so it would be unaffected.
Signed-off-by: Leah Rowe <leah@libreboot.org>
because the top-down function order isn't as reliable
in lib.sh, since this is what first runs, included
in every other script
Signed-off-by: Leah Rowe <leah@libreboot.org>
script/ no longer exists. this means that the
only executable script in lbmk is now mk.
script/trees was never called directly; instead,
we used ./update trees in the past, then just ./mk.
this is part of a larger audit to simplify lbmk,
in preparation for the next Libreboot release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
write to .version and .versiondate, instead
of version and versiondate.
this will hide them to avoid visual clutter while
analysing files within lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these are obsolete commands for backward compatibility,
but they are being removed before the next release.
the documentation has for some now only referenced use
of the ./mk commands, making lbmk live up to its name!
Signed-off-by: Leah Rowe <leah@libreboot.org>
i'm removing all the backward-compatibility in the
build system, so that only the ./mk command is available
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, the current return prevents set -u -e
after the case/switch block, which is a problem if
set +u +e was done at any point before the return.
Remove the return in the roms) section of the case/switch
block, and make the building of coreboot images part of
an else clause.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, the error message will never be incorrect,
which i had to fix in a recent patch.
now, the same string is used for error messages and getopt.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is not necessary. the fetch mode is still handled,
as before, and no make commands will run in this case.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead of running pwd all the time, run it once in lib.sh,
and export PWD.
for lbmk-specific use of PWD, use xbmkpwd, which contains
the value of PWD as was set by the pwd utility in lib.sh.
many parts of lbmk rely on pwd, and it *must* be correct.
this change adds basic error handling, since pwd can in
fact return errors in some cases.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's incorrect for PATH not to be set, but some users
may foolishly blank it out before running lbmk.
prevent such issues, by initialising it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
PWD could be anything, if the user manually exported
it before running lbmk.
always run pwd instead, to get the real string.
Signed-off-by: Leah Rowe <leah@libreboot.org>
several code lines were condensed together, which
make them less readable. make the code more readable
by having separate commands on separate lines.
i previously did this during my manic build system
audits of 2023 and 2024; condensing lines like this
is overly pedantic and serves no real purpose.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The "mode" variable is used as a suffix for make commands,
for example ./mk -m sets mode to "menuconfig", which means
you want to run "make menuconfig".
When fetching sources (./mk -f), I was setting mode to "fetch",
and putting checks in code to avoid use of make when mode was
set to "fetch".
The behaviour now is identical, except that a new variable
called "do_make" is set to "n" when doing ./mk -f, otherwise
set to "y", and this is checked instead. This should make
the meaning of the code somewhat clearer.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I was importing a patch for the z790 boards, but
Libreboot doesn't support this board yet, and the
patch was a hack that may affect other boards.
When I do later merge that board, and I find that the
hack is needed, I'll simply make another grub tree
within lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
_fsp is obsolete. people should use _vfsp
_fsp was kept for a short while, for backward compatibility,
but nobody really uses it now and it just causes confusion
Signed-off-by: Leah Rowe <leah@libreboot.org>
You can find information about these patches here:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
GRUB has been on a crusade as of late, to proactively audit
and fix many security vulnerabilities. This lbmk change brings
in a comprehensive series of patches that fix bugs ranging from
possible buffer overflows, use-after frees, null derefs and so on.
These changes are critical, so a revision release *will* be issued,
for the Libreboot 20241206 release series.
This change imports the following 73 patches which
are present on the upstream GRUB repository (commit IDs
matched to upstream):
* 4dc616657 loader/i386/bsd: Use safe math to avoid underflow
* 490a6ab71 loader/i386/linux: Cast left shift to grub_uint32_t
* a8d6b0633 kern/misc: Add sanity check after grub_strtoul() call
* 8e6e87e79 kern/partition: Add sanity check after grub_strtoul() call
* 5b36a5210 normal/menu: Use safe math to avoid an integer overflow
* 9907d9c27 bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t
* f8795cde2 misc: Ensure consistent overflow error messages
* 66733f7c7 osdep/unix/getroot: Fix potential underflow
* d13b6e8eb script/execute: Fix potential underflow and NULL dereference
* e3c578a56 fs/sfs: Check if allocated memory is NULL
* 1c06ec900 net: Check if returned pointer for allocated memory is NULL
* dee2c14fd net: Prevent overflows when allocating memory for arrays
* 4beeff8a3 net: Use safe math macros to prevent overflows
* dd6a4c8d1 fs/zfs: Add missing NULL check after grub_strdup() call
* 13065f69d fs/zfs: Check if returned pointer for allocated memory is NULL
* 7f38e32c7 fs/zfs: Prevent overflows when allocating memory for arrays
* 88e491a0f fs/zfs: Use safe math macros to prevent overflows
* cde9f7f33 fs: Prevent overflows when assigning returned values from read_number()
* 84bc0a9a6 fs: Prevent overflows when allocating memory for arrays
* 6608163b0 fs: Use safe math macros to prevent overflows
* fbaddcca5 disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails
* 33bd6b5ac disk: Check if returned pointer for allocated memory is NULL
* d8151f983 disk: Prevent overflows when allocating memory for arrays
* c407724da disk: Use safe math macros to prevent overflows
* c4bc55da2 fs: Disable many filesystems under lockdown
* 26db66050 fs/bfs: Disable under lockdown
* 5f31164ae commands/hexdump: Disable memory reading in lockdown mode
* 340e4d058 commands/memrw: Disable memory reading in lockdown mode
* 34824806a commands/minicmd: Block the dump command in lockdown mode
* c68b7d236 commands/test: Stack overflow due to unlimited recursion depth
* dad8f5029 commands/read: Fix an integer overflow when supplying more than 2^31 characters
* b970a5ed9 gettext: Integer overflow leads to heap OOB write
* 09bd6eb58 gettext: Integer overflow leads to heap OOB write or read
* 7580addfc gettext: Remove variables hooks on module unload
* 9c1619773 normal: Remove variables hooks on module unload
* 2123c5bca commands/pgp: Unregister the "check_signatures" hooks on module unload
* 0bf56bce4 commands/ls: Fix NULL dereference
* 05be856a8 commands/extcmd: Missing check for failed allocation
* 98ad84328 kern/dl: Check for the SHF_INFO_LINK flag in grub_dl_relocate_symbols()
* d72208423 kern/dl: Use correct segment in grub_dl_set_mem_attrs()
* 500e5fdd8 kern/dl: Fix for an integer overflow in grub_dl_ref()
* 2c34af908 video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
* 0707accab net/tftp: Fix stack buffer overflow in tftp_open()
* 5eef88152 net: Fix OOB write in grub_net_search_config_file()
* aa8b4d7fa net: Remove variables hooks when interface is unregisted
* a1dd8e59d net: Unregister net_default_ip and net_default_mac variables hooks on unload
* d8a937cca script/execute: Limit the recursion depth
* 8a7103fdd kern/partition: Limit recursion in part_iterate()
* 18212f064 kern/disk: Limit recursion depth
* 67f70f70a disk/loopback: Reference tracking for the loopback
* 13febd78d disk/cryptodisk: Require authentication after TPM unlock for CLI access
* 16f196874 kern/file: Implement filesystem reference counting
* a79106872 kern/file: Ensure file->data is set
* d1d6b7ea5 fs/xfs: Ensuring failing to mount sets a grub_errno
* 6ccc77b59 fs/xfs: Fix out-of-bounds read
* 067b6d225 fs/ntfs: Implement attribute verification
* 048777bc2 fs/ntfs: Use a helper function to access attributes
* 237a71184 fs/ntfs: Track the end of the MFT attribute buffer
* aff263187 fs/ntfs: Fix out-of-bounds read
* 7e2f750f0 fs/ext2: Fix out-of-bounds read for inline extents
* edd995a26 fs/jfs: Inconsistent signed/unsigned types usage in return values
* bd999310f fs/jfs: Use full 40 bits offset and address for a data extent
* ab09fd053 fs/jfs: Fix OOB read caused by invalid dir slot index
* 66175696f fs/jfs: Fix OOB read in jfs_getent()
* 1443833a9 fs/iso9660: Fix invalid free
* 965db5970 fs/iso9660: Set a grub_errno if mount fails
* f7c070a2e fs/hfsplus: Set a grub_errno if mount fails
* 563436258 fs/f2fs: Set a grub_errno if mount fails
* 0087bc690 fs/tar: Integer overflow leads to heap OOB write
* 2c8ac08c9 fs/tar: Initialize name in grub_cpio_find_file()
* 417547c10 fs/hfs: Fix stack OOB write with grub_strcpy()
* c1a291b01 fs/ufs: Fix a heap OOB write
* ea703528a misc: Implement grub_strlcpy()
Signed-off-by: Leah Rowe <leah@libreboot.org>
I think newlines look better here. The indent that bullet-pointed lists
have, does not seem natural at the start of the document.
Signed-off-by: runxiyu <me@runxiyu.org>
SeaBIOS has been supported for a long time and seems to be the
"recommended" payload nowadays (though usually with GRUB too). I haven't
seen Tianocore / EDK II been mentioned in a while. U-Boot support was
added as of Libreboot 20241206-rev8.
Signed-off-by: Runxi Yu <me@runxiyu.org>
genisoimage is not a an AUR package as suggested by aur_notice. It is
available in the "cdrtools" package in the repositories.
References: https://archlinux.org/packages/extra/x86_64/cdrtools/
Signed-off-by: Runxi Yu <me@runxiyu.org>
after setting the checksum too
this is functionally no different, but setting it
at the start didn't sit right with me.
it's more logically correct to set it at the end,
in case any error did not result in an exit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We're checking if errno is ENOTDIR, not setting it;
the previous code would always return true, and then
set errno 0, which in the context of this code was
actually OK, so this patch makes no functional difference
in practise.
However, I'm a stickler for technical correctness. I caught
this when trying to compile with clang, because clang is
quite pedantic about checking for exactly this type of bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
previously, if the user ran:
./nvm GBE [MAC address]
it would error, treating the MAC as a command
now if only 3 arguments are provided, and the
3rd argument ins't a valid command, it's treated
as a MAC address and validated accordingly.
this should make nvmutil easier to use, because
I imagine a lot of users forget to use setmac
there's no reason we should be so pedantic. we
should allow it to be used flexibly like this
Signed-off-by: Leah Rowe <leah@libreboot.org>
On the 16KB and 128KB files, we still only need to
operate on 4KB at the start of each block, where the
block size is larger than 4KB.
The reason we deal with the entire 4KB block is because
the nvm words (in the 128 byte section) can define an
extended nvm area anywhere after 128 bytes, within the
128 byte block.
We could systematically read where that is being handled,
and handle it; we could then allocate less memory, and
read/write fewer bytes, but many block devices like SSDs
and flash drives have at least a 4KB erase block anyway,
so it's kinda pointless. saving memory would be nice, but
I don't really want to bloat the code.
This is a nice easy optimisation, to avoid wasting an
additional 8KB of memory when handling 16KB files, and
additional 120KB if handling 128KB files, since nf is
what determines how much memory will be allocated.
the alternative would be to use an mmap, and then we
could reasonably handle the idea above for only writing,
surgically, what we need: nvm words and extended nvm
words.
Signed-off-by: Leah Rowe <leah@libreboot.org>
./nvm gbe.bin
with this patch, the above example does the same as:
./nvm gbe.bin setmac
now you can simply specify the gbe file, and it will
randomise the mac address within it, and update the
nvm checksum word.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, we still get an error exit for example
when trying to invalidate an already invalid
checksum; this error exit was disabled by the
last revisions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is for user friendliness. Otherwise, many users
might try to dump afterward if they specified a random
MAC address.
This saves the user from having to re-run with the dump
command, thus saving time for the user.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead of setting errno in the for loop, set a variable
declaring that the mac was updated, and reset errno based
on that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if checksum verification passed, then we should reset
in case we're operating on a given part and the last
one checked was bad.
a catch-all reset is already performed in writeGbe,
but it's good to do it here too.
in practise, if the 2nd part (part 1) is what failed,
errno still wouldn't be reset.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it will probably never happen, and this is technically
not an error condition of pread/pwrite, but we need it
to read and write that exact number of bytes, as per nf
Signed-off-by: Leah Rowe <leah@libreboot.org>
it wouldn't occur, on the current logic, but i wasn't
comfortable having the starting point (on little endian)
being higher than the checked endpoint, in case of
possible integer overflow as a result of future
modifications.
this is therefore a pre-emptive bug fix, because it doesn't
yet fix a bug, but it prevents a bug from being introduced.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The 128-byte nvm area is all that we need to handle,
since that is the only thing we actually work on in
nvmutil, based on checksum verification; the latter
implies that bytes must be in the correct order.
The swap() function previously worked on the entire
block, e.g. 4KB on 8KB files, 8KB on 16KB files and
64KB on 128KB files, and it did this twice, so it would
have operated on anywhere between 8KB to 128KB of data.
It now only operates on 256 bytes at a maximum, or 128
bytes if only handling one block. This is a significant
performance optimisation, on big endian host CPUs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
previous audits sizecoded nvmutil.c, reducing the sloccount,
but this resulted in unreadable code.
move the swap logic (swap parts) back to its own function,
for clarity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also cmd_brick
where the checksum is being corrected or bricked, we
only need to handle the 128-byte nvm area on one of
the parts
similarly, we only need to allocate half the gbe file
size when doing a copy command.
256 bytes still allocated for setmac (see previous
commit), because we verify both checksums and set both
parts if possible.
with this, nvmutil is now much more memory-efficient.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Allocate memory based on nf instead of partsize.
nf is the number of bytes actually read from each
part of the file.
Now if the user is running setmac for example,
256 bytes of memory will be allocated regardless
of gbe file size, whereas it would have previously
allocated 8KB, 16KB or 128KB depending on the file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were allocating 128KB even if we only needed 8KB, for
example. It's not a lot of memory, but the principle of
the matter is that we must respect the user by not wasting
their memory.
The design of nvmutil is that it will never overflow, because
operations are mapped in memory to the exact size of the gbe
file, which can be 8KB, 16KB or 128KB, and this is enforced.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The buf variable is only used once, and only so
that we can get a pointer. We can point to buf16
instead, for the same result.
The gbe pointer (size_t) is later converter to
a char * when writing back to the file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
For example, if the brick command is used without specifying
a part number. Instead of saying "Invalid argument", show a
much more useful error message to help the user adapt.
Signed-off-by: Leah Rowe <leah@libreboot.org>
call pledge *much* earlier, and and lock everything down
much sooner. the point of pledge/unveil is precisely that
your program must operate under the most restrictive set
of conditions possible, and still function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
tell the user exactly what they got wrong, instead
of simply printing "bad mac address", which is not
very helpful to the user
Signed-off-by: Leah Rowe <leah@libreboot.org>
See:
https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-mobile-p/intel-600-series-chipset-family-on-package-platform-controller-hub-pch-datash/spi0-for-flash/
The rules described there are universal, and replicated elsewhere
for many other platforms. The rules are simply:
* Flash descriptor is one block size, e.g. 4KB
* GbE is two block sizes, so if IfD is 4KB, GbE is 8KB
Intel defines 16KB and 128KB GbE files in specs, pertaining to
8KB and 64KB block sizes respectively.
The minimum size is 4KB blocksize, for 8KB GbE files which
we already supported. On larger block sizes, the same 4KB
parts are observed: a single 4KB IfD area at the start of
the block, and:
4KB GbE part at the start of the GbE region, and:
4KB GbE part at the start of GbE region plus block size
The empty space inbetween is padding, and we ignore it,
except when running swap/copy commands.
The nvmutil code has been modified, to create a 128KB buffer in
memory instead of 8KB, for loading GbE files.
Partsize is set to GbE file size divided by 2, and only the
area of memory we need to use is mapped; for example, if
we're loading a 8KB GbE file into memory, we only touch
the first 8KB part of the buffer, or first 16KB for 128KB
files.
In practise, we almost never see GbE files with sizes higher
than 8KB, but *we have seen it*, *AND NOW IT'S SUPPORTED!"
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were checking directories *after* calling unveil, which
means that the sandboxing was incomplete; we only want files
to be accessed, not directories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
A lot of size-coding was performed in prior audits, to
make the sloccount lower on nvmutil, but this resulted in
code that wasn't very human readable.
I've reversed some of it and added comments, for clarity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the user might have boot their kernel inside luks
inside lvm for some dumb reason
it's theoretically possible that the user would be
so silly indeed
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were scanning a hardcoded set up LVM volumes, so in practise,
LVM boot didn't really work. We did this because scanning for
asterisk is slow on some machines. However, since LVM is the last
one, and since most users don't boot directly from LVM, it wasn't
that much of an issue in practise.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were previously not handling picotool at all, and
pico-sdk would download picotool itself, at build time.
This means that the source archive, if created, would
not contain picotool. While not strictly required, for
complete corresponding source, since it's a toolchain
and not the actual pico-serprog firmware, it is my policy
that releases must include full corresponding source code,
when it is feasible to do so.
I must say, I intensely dislike cmake, with such burning
passion; I am thoroughly displeased by how hacky this is,
but it works and now nothing is in my way for a Libreboot
20241206 rev8 release!
Signed-off-by: Leah Rowe <leah@libreboot.org>
See:
https://docs.python.org/3/library/sys.html#sys.version_info
The sys.version_info tuple is a more reliable way to
get the version. Our previous logic assumed that Python
would always output "Python versionnumber", but this may
not always be how it works. We've seen this for example
where Debian modifies some GNU toolchains to include Debian
something in the output.
Python has a standard method built in for outputting exact
the information we need. In my system, what I got was this:
(3, 11, 2, 'final', 0)
That output was from running this command:
python -c 'import sys; print(sys.version_info[:])'
This is much more robust, so use this instead.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Backlight controls already worked on the T480/T480s, if you
used software-based controls e.g. set a hotkey for
xbacklight, but the actual Fn buttons on the keyboard did
not function at all; this patch fixes that issue
This also fixes LEDs on T480, on warm reboot, which are
otherwise off. It sets them back to the state they were
at on cold boot.
Both fixes are from Mate Kukri in the new T480 patchset.
In addition to these fixes, Mate made several code quality
improvements as part of efforts to upstream this code into
coreboot's main branch.
Updated coreboot T480 patchset to patchset 25. This change
will be reflected next in a modification to the Libreboot
documentation.
I had to make several other fixes on top of this; see diff.
A debug option was being enabled relating to stack overflow
detection, which we ought to avoid to mitigate over-zealous
build errors and stack corruption at boot; an errant option
for an EC we don't use was also being enabled, by some code
in coreboot relating to a Dasharo board; both issues have
been mitigated in this lbmk patch, by patching the upstream
coreboot build system in this patch.
As part of this change, the coreboot/next tree within lbmk
has been updated. Existing patches have been rebased.
This brings in the following changes from upstream, relative
to the previous revision used on coreboot/next:
* 2f1e4e5e85 mb/hp/snb_ivb_desktops/z220*: Remove leftover old usb configurations
* 9e859154ea mb/hp/snb_ivb_desktops: Remove unused includes
* 70b33cb38d ec/google/chromeec/acpi: Add support for generic LPC memory range
* f2ad73b5d1 mb/google/rauru: Raise little core CPU frequency from 700MHz to 2.4GHz
* 044017b4cd mb/google/rauru: Initialize PMICs in romstage
* 397c3e3c52 mb/google/fatcat/var/fatcat: Add touchpad wake source
* e18f0f53cb mb/google/fatcat/var/fatcat: Change touchpad interrupt to edge trigger
* a8b4ee246d mb/google/nissa/var/rull: Configure Acoustic noise mitigation
* c09fd09edf tree: Use "true", "false" for has_power_resource
* 1e64875265 mb/google/fatcat: Remove unused <stdio.h>
* f316ab6796 mb/google/fatcat/var/francka: Fix early pad configuration for TPM
* 6ca2c3c415 soc/mediatek/mt8196: Fix indentation in Makefile.mk
* 94c1307fdb soc/mediatek/mt8196: Add dynamic power-saving for peripheral clocks
* 67b140a949 tree: Use "true", "false" for fine_grained_control
* 97923aebe1 mb/prodrive/atlas: Add initial support for options
* 1a16146795 Fix up CFR's open issues
* 7e8d8cdea2 mb/google/rauru: Initialize SPM
* 3153432b83 soc/intel/alderlake: Add function to force disable memory channels
* 8ea2b0ab46 mb/google/fatcat/var/francka: Use RAM ID 2 for MT62F2G32D4DS-020 WT:F
* 5f600a8ee9 mb/google/fatcat: Limit Power Limit when battery is missing
* 5213646241 ec/google/chromeec: Add function to detect barrel charger
* 5ef70e5f22 ec/google/chromeec: Add API to check if battery is critically low
* 42fd35b486 ec/google/chromeec: Add API to check if charger is present
* 56370d0283 ec/google/chromeec: Add API to check if a USB PD charger is attached
* 001e7a0b45 soc/mediatek/mt8196: Add MT6685 Clock IC driver
* 5852841ca7 soc/intel/meteorlake: Use ASPM helpers from Alder Lake
* b04f057efd mb/google/rex/var/kanix: Add Synaptics touchpad
* af0c2e7a2e mb/prodrive/atlas: Remove the workaround for CLKREQ pins
* 13316c644b mb/google/fatcat/var/fatcat: Modify interrupt GPIO for LPSS I2C touchpad
* 825e9173b4 soc/mediatek: Distinguish pmic_init_setting function name
* d65ff8492c soc/intel/xeon_sp/spr/acpi: Fix regression
* 291778a1bd mb/google/corsola: Add new board variant Wyrdeer
* 745dcc861d mb/google/corsola: Refactor mipi_panel_power_on function
* 79f60c6b22 mb/google/nissa/var/telith: Disable stylus function
* d7934bdd53 Doc/soc/amd/family15h: Fix URLs to AMD documents
* 3cb7db4075 soc/mediatek/mt8196: Add PMIC MT6316 driver
* 60bce10750 drivers/mipi: Add support for KD_KD110N11_51IE panel
* d4c80054a4 soc/mediatek/mt8189: Enable timer compensation v2.5
* 403846f177 soc/mediatek/mt8196: Define MFGPLL_*_BASE using MFGSYS_BASE
* b3edaa7b10 mb/google/rauru: Implement SKU ID
* b470b48718 mb/google/rauru: Add support for getting storage id
* 24a5048948 mb/google/nissa/var/pujjo: Add new supported memory part
* c6e27c5fbf mb/google/nissa/var/rull: Add G2 touchscreen to devicetree
* 639def1d84 mb/google/fatcat/var/fatcat: Enable FPS
* acb8c870b2 mb/google/fatcat: Suppress unnecessary extra space in device trees
* d79ba5565d mb/google/nissa/var/telith: Modify PLD for typeC and typeA
* 620d2fab06 soc/mediatek/mt8189: Replace SPDX identifiers to GPL-2.0-only OR MIT
* d90b1322ab commonlib: Refactor CSE sync eventLog
* 4ef6c13b38 mb/google/brya: Adjust EC memory map range to support indexed IO
* 1e90bbadfa ec/google/chromeec: Add indexed IO support
* a8ab708584 mb/google/nissa/var/quandiso2: Create a quandiso2 variant
* 78f610a0ae util/docker/doc.coreboot.org: Allow git to work in envs owned by root
* 38ee22f6da util/docker/doc.coreboot.org: Use Alpine minor instead of point releases
* 0196c3b6a4 util/docker/doc.coreboot.org: Get rid of bash workarounds
* 897b46693b util/docker/doc.coreboot.org: Don't create volumes
* a0c45cbf1f 3rdparty/fsp: Update submodule to upstream master
* aa562d2881 soc/mediatek/mt8189: Add GPIO driver
* 40a863cd60 soc/mediatek/mt8189: Initialize watchdog
* 1380ed0cd2 soc/mediatek: Add support for MediaTek firmware support package
* 4f92943c89 soc/mediatek/common: Rename GPT_MHZ to TIMER_MHZ for readability
* 5a73692e0c soc/mediatek/mt8196: Add SPM loader
* 306660c2de util/crossgcc: Update CMake from 3.30.2 to 3.31.3
* f3adc74e44 mb/google/fatcat: Keep GSPIx interface default PCI
* 809e704101 soc/intel/pantherlake: Rename GSPI2 to GSPI0A
* 222ef676f9 soc/intel/pantherlake: Add ACPI name for GSPI2
* 1fda7027c0 util/crossgcc: Update ACPICA from 20230628 to 20241212
* e35175bb38 Update vboot submodule to upstream main
* 9eb4c5aff8 util/ifdtool: Fix memory leaks
* 87ae3573b5 mb/starlabs/starlite_adl: Configure GPIO interrupt for Virtual Button
* eaf87422b1 ec/starlabs/merlin: Add Intel Virtual Button Driver for Tablet Mode
* a1532790b9 docs: Add 24.12 release notes
* 8c0df740c7 mb/google/nissa/var/gothrax: Add probe and GPIO config for HDMI and touchpanel
* f6fcff5511 docs/security/vboot: Update supported boards
* 0dba17da0c mb/google/brya/uldrenite: Add WWAN RW350R-GL power on sequence
* 2c4af7cd29 mb/topton/adl: Enable TPM2 (Intel fTPM/PTT)
* c11558d4c7 mb/asus/p8z77-m: Drop GPIO by I/O
* 4f1a1adef6 mb/topton/adl: Disable mapped SATA port
* 81cbe11361 mb/asus/p8z77-m: Revert SIO IRQ settings carried from OEM
* 9578c67c77 mb/google/brox: Include CSE reset in mainboard reset expectation
* 5af5e66686 util/cbfstool: eliminate late sign of life event
* 0797c40d52 src/soc/intel/cmn/blk/cse: Log cse sync information
* 9a15a1ed21 soc/intel: Log CSE Sync Early Sign of Life event from a better place
* c812c78618 mb/trulo/var/uldrenite: Support USB_OC on the A0 port
* ee1a766f05 mb/trulo/var/uldrenite: Set GPP_B5 and B6 to ISH function
* 87c9d93a62 mb/google/skywalker: Add MediaTek MT8189 reference board
* 6bd51ce42a soc/mediatek/mt8189: Add a stub implementation of MT8189 SoC
* ea646c0514 mb/google/rauru: Add pwrsel init in romstage
* c3265da005 soc/mediatek/mt8196: Add pwrsel driver
* 30d8e1880a ec/google/chromeec: Publish LPC GMR address range via CREC _CRS
* bb85775d92 soc/intel/cmn/acpi: Add ACPI method to get LGMR address
* 84347d0b45 payloads/Linuxboot: Fix u-root build
* 7bcec7a2ef payloads/LinuxBoot: Build x86_64 with host toolchain
* e3150e819d util/crossgcc: Add libstdcxx target
* 61385c4976 soc/mediatek/common: Move SPM_SYSTEM_BASE_OFFSET to soc folders
* 6625dee027 soc/mediatek/common: Use array to represent spm_sw_rsv registers
* cd8d6861f6 soc/mediatek/common: Move some functions to spm_v1.c
* 91fe658714 drivers/option: Add forms in cbtables
* 4d4776f320 mb/emulation/qemu-sbsa: Configure flash region for MMU
* dfef1895f2 mainboard: Add MiTAC Computing Whitestone-2 (LGA-4677)
* caf8f9f60f mb/google/brya/var/uldrenite: Enable PMC, HECI and SRAM devices
* b668c756bf mb/trulo/var/uldrenite: Configure audio (max9360a, rt5682)
* 941f994809 mb/trulo/var/uldrenite: Configure Network
* 600e7810fb mb/trulo/var/uldrenite: Configure USB ports and mapping
* 0261cbe8e9 mb/trulo/var/uldrenite: Configure serial_io and I2C
* 113205bcd1 mb/trulo/var/uldrenite: Enable eMMC and DLL tuning parameters
* 0dd227f9c1 mb/trulo/var/uldrenite: Enable DPTF, S0ix and configure FIVR setting
* 0ce153c8df mb/google/nissa/var/rull: For probe, change unprovisioned to unknown
* b57308f437 mb/google/rauru: Add SD card configurations
* e969a3df87 soc/mediatek/mt8196: Add SD card configurations
* 8be835ce3c soc/mediatek/mt8196: Add tracker driver
* 78560f9958 soc/mediatek/mt8196: Add MMinfra driver support
* 0b252ef8b4 util/mtkheader: Add GFH header for mt8189 bootblock code
* 540eb5ba73 cpu/qemu: Enable IDT_IN_EVERY_STAGE
* f9d6fd4e0f soc/intel/xeon_sp: Enable IDT_IN_EVERY_STAGE
* c3dee9eaba cpu/intel/car/romstage: Fix false-positive stack corruption
* b659fb5cea mb/ocp/tiogapass: Wait for BMC
* 7c0556244d drivers/wifi: Update Drive Strength BRI Rsp Table revision
* 70bdd2e1fa cpu/x86/topology: Simplify CPU topology initialization
* 3a2ffba231 soc/intel/xeon_sp: Introduce early_pch_init
* 48ed4b0f85 soc/intel/xeon_sp/lbg: Add support to hide HDA
* a857c81122 arch/x86: Disable DEBUG_STACK_OVERFLOW_BREAKPOINTS_IN_ALL_STAGES
* 45dabe846d mb/google/brox: Apply ISH_FW_VERSION in Kconfig
* e0b1a0dbec vc/intel/fsp/mtl: Update MTL fsp header files from 3471_91 to 4122_21
* c20fd2fc3f 3rdparty/fsp: Update submodule to upstream master
* e5b5fc345a soc/intel/xeon_sp: Improve PCI INTx IRQ routing for Gen6
* 673075f102 util/cbfstool: Add eventLog support for ELOG_TYPE_FW_CSE_SYNC
* 3235b7c6d5 commonlib: Add ELOG_TYPE_FW_CSE_SYNC eventLog type
* 4a0c49e671 soc/intel/pantherlake: Keep image clock configuration enable
* 51cc2bacb6 soc/intel/pantherlake: Disable stack overflow debug options
* eeb6f67eec Docs: Convert bare URLs into hyperlinks
* 2609519704 mb/google/rauru: Implement regulator interface
* 8c6426c1b4 soc/mediatek/mt8196: Add PMIC MT6373 driver
* bda5b83661 mb/google/brya/var/uldrenite: update gpio settings
* afb11d05b9 mb/google/trulo/var/uldrenite: Add memory config
* 46df9e1d38 mb/google/brya/var/marasov: Enable GPP_F9 GPIO for early panel power-on
* 04d33b90ec mb/google/fatcat: config GPP_F23 as ISH gpio pin
* 16ab83b34a soc/mediatek/mt8196: Initialize SSPM
* b793209b80 mb/google/brox/var/jubilant: Disable Tccold Handshake
* 2f1e67bbc7 mb/google/nissa/var/glassway: Modify touch screen ILIT2901 sequence
* a1c50f233d soc/mediatek/mt8196: Add PMIC MT6363 ADC driver
* 8910b6ba7d soc/mediatek/mt8196: Add PMIC MT6363 driver
* c215889442 soc/mediatek/mt8196: Add PMIF and PMIC driver support
* 27fa0595de soc/mediatek/mt8196: Add mtcmos init support
* 61a00269a2 mb/amb/birman*/gpio: remove configuration for VDD_MEM_VID[0,1]
* 38b59164ca ec/google/chromeec: Define ACPI_NOTIFY_CROS_EC_MKBP constant
* 50c9747d87 drivers/usb/intel_bluetooth: Add GBTR Method
* 0bb4a220a8 soc/intel/common/cnvi: Fix GBTE path in comment
* d33244c3af drivers/usb/intel_bluetooth: Relocate BTRK to \_SB.PCI0
* 04b9627e07 drivers/usb/intel_bluetooth: Fix GBTE to return Local0
* c3f9dd3af3 drivers/usb/intel_bluetooth: Change the Power Resource to S0
* 1cf8d84f3b mb/google/nissa/var/rull: Add 6W and 15W DPTF parameters
* 62a9d670bf mb/google/brya/var/uldrenite: Add HDA verb tables
* 56278eeed8 mb/google/rex/var/kanix: Enable/Disable PCIE WLAN based on fw_config
* 6d3346068b intel/common/block: Program the right power_limits_config entry
* 35bf4bc59c commonlib: Add generic word-at-a-time optimization to ipchksum()
* e987ba45d6 soc/mediatek/mt8196: Add booker driver
* aa3cfd5c69 haswell NRI: Post-process selected timings
* 4a4ad2b1e6 haswell NRI: Initialise MPLL
* 41c2e1685e soc/intel/xeon_sp: Add PCU PCI drivers
* 8721757aca soc/intel/xeon_sp/skx: Configure IOAPICs
* e9c546b153 arch/x86: Rename breakpoint removal function
* 0351872731 arch/x86: Add breakpoint to stack canary
* 572da7c524 acpi/acpigen: generate Create*Field() from name string directly
* 2e9aebf63f mb/google/fatcat: Enable Intel DPTF support and configure policies
* a8ff286185 mb/google/fatcat: Enable Bayhub Level 2 errata
* 230e646d98 mb/google/fatcat: Remove redundant GPIOs for x1 slot
* fbacae625a soc/intel/ptl: Enable UFS functionality by adding IRQ programming
* b67e001a85 soc/intel/pantherlake: Fix UFS ACPI _ADR calculation
* 2496943b5c mb/google/brox/var/jubilant: Set PCIe root port 5 speed to Gen2
* dfdb210e26 soc/intel/common/block: Fixup itss_get_on_chip_dev_pirq
* 223dabef56 soc/intel/common/block: Add const qualifier for input of pirq ops
* afc49fa013 soc/intel/xeon_sp: Remove lpc_lockdown_config
* 1a4ab38035 soc/mediatek/mt8196: Rename SCP to SPM base variables
* 3189afbdee soc/intel/common: Drop locking function fast_spi_set_vcl
* 01bf34cb28 soc/intel/xeon_sp: Support _PRT reporting for domain
* 1399dd8086 soc/intel/xeon_sp: Skip not pre-routed devices in _PRT reporting
* a5362f6d73 soc/mediatek/mt8196: Enable ARM Trusted Firmware integration
* 42a696090f Update arm-trusted-firmware submodule to upstream master
* 861413b295 mb/google/nissa/var/riven: Set PCIe root port 4 speed to Gen2
* d5a11293ff soc/intel/alderlake: Add support for PCIe speed setting
* 5b447d00f5 soc/intel/pantherlake: Fix UFS ACPI inclusion in southbridge.asl
* 1c51c3e57f device/pci_ids: Add Pantherlake-H GT2 (DID2)
* 15109603c6 mainboard/ocp/tiogapass: Enable TPM
* 94d200c394 soc/intel/xeon_sp/cpx: Add missing FADT fields
* 534585d7bd soc/intel/xeon_sp/skx: Drop ACPI_FADT_8042
* 98ca450a53 soc/intel/xeon_sp: Use generate_p_state_entries
* 28c03b501e mb/ocp/tiogapass: Implement mainboard_dimm_slot_exists
* 74ee80d207 soc/intel/xeon_sp/cpx: Fix register lock
* e1a0e6b738 soc/intel/xeon_sp/skx: Fix CPU init
* b04ecb2a5f arch/x86: Enable support for IOAPIC devices
* a7437ca340 soc/intel/common/block/cse: allow CSE telemetry on non-lite CSE SKU
* 0d284bfc36 soc/intel/mtl/acpi/gpio.asl: fix missing gpio.h include
* aeb5ccd129 ec/dasharo/ec: add Dasharo features
* 820c7e06d2 soc/mediatek/mt8196: Set DRAMC_PARAM_HEADER_VERSION to 4
* d8104af174 mb/google/rex/var/kanix: Disable FP_MCU based on fw_config
* 075a13b775 mb/google/fatcat: Update Soundwire codec address based on devicetree
* 2411942a05 drivers/soundwire/alc711: Add common Kconfig for ALC7xx soundwire codecs
* 534f81d165 mb/google/fatcat: Update flash layout
* 1b175a64e3 soc/intel/ptl: Populate SMBIOS Type 4 with unique serial number
* 4b574281f0 soc/intel/cmn/pmc: Retrieve SoC QDF information via PMC IPC
* 4ce5304879 soc/intel/xeon_sp: Advertise DIMMs on skylake_sp as well
* 5613f0e6be soc/intel/xeon_sp: Fix debug print
* 0d827a5810 soc/intel/xeon_sp: Drop SOC_INTEL_MMAPVTD_ONLY_FOR_DPR
* d3aa108acf drivers/ipmi/ocp: Add missing include
* 37e9c22089 libpayload: configs: Add new config.featuretest to broaden CI
* bcced7caea commonlib/device_tree: Make END token part of struct_size
* 8ad1ee9b0a util/intelp2m: Print the current project version
* 1b9c312273 intelp2m/patform/sunrise: Add unit tests
* 2394795279 intelp2m/patform/lewisburg: Add unit tests
* bce3363412 intelp2m/patform/apollolake: Add unit tests
* 6abf66c8f3 util/intelp2m/parser/template: Add unit test
* 6b43e4ba33 MAINTAINERS: Add Yuchi and Vasiliy for Intel Atom Snow Ridge SoC
* 5cedebf874 soc/intel/xeon_xp: Remove 1 bytes losing in lower DRAM
* cd30d94ae5 mb/google/brya/var/uldrenite: Generate RAM ID and SPD file
* cda1e7e553 mb/google/nissa: Create pujjogatwin variant
* c0ccace4d5 .checkpatch.conf: Set max line length to 96
* 6f2a8ee8cc soc/mediatek/mt8196: Require DRAM blob to exist
* 850cf7d07a Update blobs submodule to upstream main
* 75424efdc4 soc/amd/common/psp/psp_def.h: increase P2C_BUFFER_MAXSIZE
* 179945291c soc/amd/common/psp/rpmc: fix printk format string
* 9b308f4d54 soc/amd/common/psp/psp_smi: report errors in 'handle_psp_command'
* 5613f209c7 soc/amd/common/psp_smi_flash: implement SPI flash RPMC command handling
* b1f954bc6c soc/amd/common/block/psp/psp_smi_flash.h: fix struct element types
* ce01117aa5 drivers/spi: add RPMC support
* 78270ef3f1 Documentation/tutorial/managing_local_additions.md: Add symlink info
* 0a7c3ed514 soc/mediatek/mt8195: Fix SCP register address
* 4c8547704f mb/google/rauru: Add 2nd source TAS2563 amps to support beep
* ac83b48cba soc/mediatek/mt8196: Add audio base address definition
* c661933a24 soc/mediatek/common: Add read16/write16 support for PMIF
* c107755701 vc/intel/fsp: Update PTL FSP headers from 2382_01 to 2431.00
* a417acdfbc mb/google/fatcat: Remove unnecessary prototype
* d095f1ea45 soc/amd/glinda: Update MCA banks
* 8df4eefd44 soc/mediatek/mt8196: Reserve DRAM buffers for HW TX TRACKING
* 5c766bc150 mb/purism/librem_cnl: Add ramtop to cmos.layout for librem_mini
* 2007792b08 mb/purism/librem_l1um_v2/ramstage.c: Use DEV_PTR macro
* 7f54139a81 Docs/mb/starlabs/labtop_cml.md: Fix footnote syntax
Signed-off-by: Leah Rowe <leah@libreboot.org>
wip2
Signed-off-by: Leah Rowe <leah@libreboot.org>
we already check the python version, and set a variable
for it, so that we can reliably use python3, even if
python in PATH doesn't correspond to python3. for
example if a system has python as python2 and python3
as python3
well, we use that when running deguard for example, but
various upstream projects that we use may need python,
and all of them use python3, not 2
so, re-use the python variable set up by lbmk, and
set it up in PATH accordingly. this now makes the note
about python3 obsolete, on docs/build.md in lbwww.git
Signed-off-by: Leah Rowe <leah@libreboot.org>
They may not actually always be binary blobs, at least not
software. I started referring to these as "vendor files" some
time ago, for this reason.
With this terminology, it applies properly to any sort of file
from the vendor. For example, it may be that in the future, we
start inserting the MFS section of an an Intel ME image, into
the Intel ME.
We already do that with deguard for example (set MFS config),
on MEv11 based setup. That is a vendor *file*, and though it
may still actually be a binary blob, it's not software, but
configuration.
The term "blob" normally means compiled software, in most people's
minds, but the term blob is technically accurate for any blob,
not just software; however, we have to keep people's perception
in mind.
Whereas, "vendor file" is also understood by most people to
include code supplied by the vendor.
We haven't done any releases yet with this ROM image file name
prefix, so it's perfectly OK to handle it now, without handling
the old one for backwards compatibility.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Users running setmac on an X200 tarball for example, will
now see it being modified, if they didn't specify
setmac keep, so they might think vendor files are being
inserted, which they are not.
Therefore, a confirmation is provided at the end of the output.
Signed-off-by: Leah Rowe <leah@libreboot.org>
./mk inject libreboot-YYYYMMDD_board.tar.xz setmac restore
This does the same thing as a normal setmac command, except
that it does not alter the MAC address; it is also not the
same as "keep", which skips *writing* the GbE region in-ROM.
The *restore* argument writes the default, unmodified GbE file
kept by lbmk, unmodified because nvmutil is skipped when the
user specifies this argument.
This option is useful for debugging purposes, because it can
be used to verify whether anything else is being wrongly
modified by the script; the "nuke" command can be executed
afterward, and the hash file inspected versus release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
MAC addresses are generic, inside Libreboot images where
an Intel GbE region is specified.
We commonly get users flashing multiple systems for their
own use, and sometimes they complain that they networking
broke, because they don't know that the MAC address is
identical on each machine.
This still doesn't work around the case where the same machine
is used, e.g. multiple T440p thinkpads, but if they have one
of each model, it can work nicely, because we do in fact
change it for various platforms.
This change will also reduce the number of people at conferences
in the future, where there are multiple Libreboot users, having
MAC address conflicts.
Changing the MAC address is a good practise, so we enforce good
practise. The user can still retain the old behaviour by
using this command:
./mk inject libreboot-YYYYMMDD_boardname.tar.xz setmac keep
The "keep" argument clears new_mac, which will then skip
changing the MAC address. They can also still set an arbitrary
MAC address as an argument for setmac, e.g.:
./mk inject libreboot-YYYYMMDD_boardname.tar.xz setmac 00🇩🇪ad:c0:ff:ee
This change will be covered in the documentation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if the user ran this on an x60 tarball, the no-gbe
warning seems confusing since that one has intel gbe,
but pre-ifd, so no gbe region in the flash; on pre-ifd
systems e.g. ich7 southbridge, the mac address was baked
into a separate gbe nvm on mask rom, inaccessible to users
Signed-off-by: Leah Rowe <leah@libreboot.org>
We already have code to handle this, but it's possible
that I might break it in the future, due to the complex
logic of this script.
So, I've implemented this catch-all check at the end of
the process. It still relies on the actual setting of
the variables, upon which this check is based, to be set
correctly.
This condition will most certainly never be met, unless
I break some other part of the code in the future. That
is precisely what this overly pedantic check is for.
Example scenarios:
I forget to set xchanged=y, on a new modification.
I set has_hashes erroneously.
The variables are re-used between runs, and not properly
reset; at present, a given run of ./mk inject only
operates on a single target, but this latter fact could
change in the future.
need_files is set erroneously; vendorfiles detected as
being required, when they aren't.
These are just a few examples. As such, this is a preventative
bug fix, because it's preventing a bug.
The main reason I want this i n here is because I need to ensure
that vendor files are properly deleted, for a given release.
If I accidentally includes ones that I'm not supposed to,
inside ROM images, that could be a big problem.
Signed-off-by: Leah Rowe <leah@libreboot.org>
where the nuke command is used, we need the files to be
there; if they're not, it will try to nuke them, which will result
in an error in most cases, but there may be some cases where that
isn't true, for instance if only the Intel ME is needed; it'll be
writing zeroes over zeroes.
we want to only allow technically correct behaviour, because
technically correct is the best kind of correct.
it is theoretically possible that a double-nuke might affect
certain behaviours unpredictably. for example, if vendor.sh
later integrates another tool that works whereby the same command
inserts or nukes depending on a certain condition, but with the
same command, and where that command would return zero in both
cases.
this is a preventative bug fix, because it fixes an issue that
does not yet actually occur in practise.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the user must be well-informed as to the next step, which
this script directly influences
guide the user accordingly
Signed-off-by: Leah Rowe <leah@libreboot.org>
The message at the end that states a file was
not modified, is not currently printed when vendor
files are not needed, and setmac is not used.
This patch fixes that, so the user now sees a
confirmation of such change, or lack thereof.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is because the user may have specified setmac.
I tried without this change, on a fresh lbmk, setting
the MAC address on an X200 tarball, and it produced an
error that ifdtool was unavailable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Observe the following prior patch:
commit 818f3d630c
Author: Leah Rowe <leah@libreboot.org>
Date: Fri Jan 3 17:06:14 2025 +0000
vendor.sh: Don't error if vcfg is unset
Now:
This patch made vendor inject more robust, and speeds
up the processing of images where no vendor files are
needed, but it broke setmac on such tar archives.
This new patch works around it. For example, I was
able to run ./mk inject on an X200 tarball to change
the MAC address; no vendorfiles are inserted, because
it's not needed.
The further check for whether a board uses Intel GbE
still protects against accidental modification.
Signed-off-by: Leah Rowe <leah@libreboot.org>
probably not actually needed, but it annoys me that it doesn't
come installed by default, and it's needed for certain git
operations
Signed-off-by: Leah Rowe <leah@libreboot.org>
It should return 1 instead, in readcfg(), because this
is not an error condition; vcfg not being set means
that the board doesn't use vendor files, which is
perfectly normal and should not yield an error.
This fixes a build error under certain conditions,
found during release-build testing.
This bug was exposed when I fixed double quoting issues
as per shellcheck tests.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it should fix more build errors that might have appeared
in the aforementioned revision, mentioned in the previous
commit message
Signed-off-by: Leah Rowe <leah@libreboot.org>
the bug was actually caused by chkvars
add an escape for the quotes and bam. fixed.
without this, i got the following e.g.
For command: ./mk dependencies debian
Output:
./mk: 1: [: apt-get: unexpected operator
ERROR ./mk: pkg_add unset
Someone reported a similar issue with the Arch one,
which is also now fixed. This regression was caused
by the previous commit:
commit 0cf58c2273
Author: Leah Rowe <leah@libreboot.org>
Date: Thu Jan 2 23:52:45 2025 +0000
fix lbmk shellcheck errors
I forgot to escape the double quotes in an eval.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This check is a good idea, but not viable here,
because the modules naturally aren't set in all
circumstances, so it just causes a build error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the gnu.org mirror is always slow for some reason, but only
for gnulib. it may only be for me, because routing in other
countries/networks may differ.
when i'm freshly cloning lbmk modules, gnulib is always really
slow, like 300KB/s (bytes, not bits)
i have 1gbps internet and wish to not have 2005-era speeds,
thank you kindly!
Signed-off-by: Leah Rowe <leah@libreboot.org>
Mention Riku's copyright in the COPYING file, and update
my years in that file. Add Riku to the AUTHORS file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The user might wish to uninstall, but not remove the
build that they just did.
The user can still do make clean if they wish.
Signed-off-by: Leah Rowe <leah@libreboot.org>
DESTDIR is the root directory where it goes, which
is normally an empty string; PREFIX is where the
bin directory is located, relative to DESTDIR
Default to /usr/local for PREFIX, not /usr, because
/usr/bin is for system utilities.
nvmutil is a local utility.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't want to clobber anything that the user set themselves.
Instead, we should respect the user's choice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This makes the code easier to understand.
All 2-byte words, stored in little endian order within
the 128-byte GbE NVM area, must add up to 0xBABA.
If it doesn't, then software is supposed to reject that
GbE config. The nvmutil software works on that basis.
Signed-off-by: Leah Rowe <leah@libreboot.org>
make it look like hexdump -C, where individual bytes are
spaced, and there is an additional space after 8 bytes,
per row.
i won't bother with a character display, since that is
meaningless on gbe nvm words.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i also removed that printf, because the path it prints is
actually wrong sometimes; in the recent re-write of vendor.sh,
it prints the correct path instead
Signed-off-by: Leah Rowe <leah@libreboot.org>
There was also a condition in run_make_command that is now
an OR, where it was an AND, on script/trees, to fix the use
of mixed (and erroneous) OR/AND operators.
I'm planning a much more invasive audit than this. These are
light fixes, intended for Libreboot 20241206 rev8.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't extract to bin/release/
Modify the tarball instead. Previously, the tarball would
not be modified, but a lot of users thought the tarball was
being modified and ignored bin/release/, where the injected
images were actually being saved to.
Don't copy the tarball either. Just modify it in-place.
Don't allow single-rom injection either; only allow the
tarball-based method.
The command syntax has changed, but:
./mk inject tarball.tar.xz
This is the same. What has changed is nuke, and MAC address
modification. Observe:
./mk inject tarball.tar.xz nuke
./mk inject tarball.tar.xz setmac
./mk inject tarball.tar.xz setmac ??:??:??:??:??:??
./mk inject tarball.tar.xz setmac 00:1f:16:??:22:aa
These are just a few examples. The MAC address syntax is
the same as used for nvmutil, which means you can set it
randomly. Also:
./mk inject tarball.tar.xz setmac
You can use the *setmac* command *repeatedly*, even if
you've already injected a given archive. It'll just
update the archive, but skip injecting other files
that were already injected.
If you use setmac without a MAC address, it will randomise
the MAC address. This is therefore very similar to the
command structure used in nvmutil.
The code for injection is generally more robust, with
stronger error checks. This design change was done, so
that the user doesn't accidentally brick their machine.
The non-injected images have a prefix in the file name
saying "DO_NOT_FLASH", and those non-injected images are
padded by 1 byte. That way, the user knows not to flash it
and if they try, flashprog will throw an error.
The prefix and padding is removed on injection. Old images
without the padding/prefix can still be injected, via
tarballs; this new code is backwards-compatible with tarballs
from older Libreboot releases.
A common thing I see sometimes is a user will say they have
a black screen or something, and I say: did you insert vendor
files? And they say yes. And they did. But they extracted and
flashed from the tarball, which wasn't injected, because
they didn't release about bin/release/
No amount of RTFM is justified. The previous design flaw
is a bug. We must always observe user safety first, no matter
what, so that has now been done.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Must not exceed 79 lines. Some variables and functions have
been renamed, and there has been some minor re-factoring.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I don't like using SPDX for actual copyright declarations.
I only want it to be used for the license identifier.
Also:
I made a *single* change to nvmutil.c in 2024, which means
that I have copyright in all years since and including 2022;
the file said 2022, 2023, 2025, but it's actually 2022-2025.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I believed that the compressed nature of refcode was the only
non-reproducible thing, but turns out you also need to run
rmodtool on the refcode to make the binary relocatable in
cbfs. This is based on my reading of the coreboot Makefile.
With this change, I can now provide release binaries for
the HP EliteBook 820 G2.
Signed-off-by: Leah Rowe <leah@libreboot.org>
dnf reinstall package
or
dnf install package
for reinstall, do this:
./mk dependencies fedora41 re
this is an example command
the 4th argument prefixes "install" in dnf install
a bit hacky but it should work
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in a *single* change from SeaBIOS, because there
has only been one change in the main branch, and it's a bug fix.
The change from upstream is as follows:
commit 1602647f1be24fe63d11138d802e735c8e674e63
Author: Daniel Khodabakhsh <d.khodabakhsh@gmail.com>
Date: Thu Nov 7 18:46:16 2024 -0800
boot: Force display of the boot menu when boot-menu-wait is a negative number
Signed-off-by: Leah Rowe <leah@libreboot.org>
Although this is for a stable release revision, namely
Libreboot 20241206 revision 8, I've carefully audited the
upstream changes and they all seem fine.
Several important bug fixes have been imported with this change.
Most interestly, GRUB has also added support for TPM2 Key
Protectors; we don't use this feature yet, and probably won't
for the time being, since TPM is largely security threatre for
our purposes anyway. There's no harm including all upstream
revisions, up to those ones, since those modules are not yet
added in lbmk.
Most notably, there are several file system fixes, and minor fixes
to the graphics terminal of GRUB. Minor fixes only, in terms of
what Libreboot actually uses at present.
The full list of imported changes are as follows, relative to the
previous GRUB revision, which was b53ec06a1 from 17 June 2024:
* 6811f6f09 tpm2_key_protector: Enable build for powerpc_ieee1275
* ff14b89bd ieee1275/tcg2: Add TCG2 driver for ieee1275 PowerPC firmware
* 72092a864 ieee1275/tcg2: Refactor grub_ieee1275_tpm_init()
* 8c0b5f200 ieee1275/ibmvpm: Move TPM initialization functions to own file
* 7344b3c7c ieee1275: Consolidate repeated definitions of IEEE1275_IHANDLE_INVALID
* 29d1bd2a9 term/ieee1275/serial: Cast 0 to proper type
* 99ee68a01 tss2: Adjust bit fields for big endian targets
* 3770a6905 docs: Document TPM2 key protector
* f898440cc tests: Add tpm2_key_protector_test
* 76a2bcb99 tpm2_key_protector: Add grub-emu support
* 135e0bc88 diskfilter: Look up cryptodisk devices first
* b35480b48 cryptodisk: Wipe out the cached keys from protectors
* 6abf8af3c cryptodisk: Fallback to passphrase
* fba3a474e tpm2_key_protector: Implement NV index
* 550ada7d6 tpm2_key_protector: Support authorized policy
* 5f6a2fd51 util/grub-protect: Add new tool
* ad0c52784 cryptodisk: Support key protectors
* 48e230c31 key_protector: Add TPM2 Key Protector
* 35c9904df tss2: Add TPM2 Software Stack (TSS2) support
* 63a78f4b4 tss2: Add TPM2 types and Marshal/Unmarshal functions
* 2ad159d9b tss2: Add TPM2 buffer handling functions
* 5d260302d key_protector: Add key protectors framework
* 3d60732f9 libtasn1: Add the documentation
* 99cda6788 asn1_test: Test module for libtasn1
* 504058e82 libtasn1: Compile into asn1 module
* 8a0fedef2 asn1_test: Enable the testcase only when GRUB_LONG_MAX is larger than GRUB_INT_MAX
* 66cf4cb14 asn1_test: Use the grub-specific functions and types
* 0d0913fc6 asn1_test: Print the error messages with grub_printf()
* 2e93a8e4b asn1_test: Remove "verbose" and the unnecessary printf()
* b7568e335 asn1_test: Return either 0 or 1 to reflect the results
* d60a04bae asn1_test: Rename the main functions to the test names
* 54e0e19a2 asn1_test: Include asn1_test.h only
* 0ad1d4ba8 libtasn1: Fix the potential buffer overrun
* 4160ca983 libtasn1: Use grub_divmod64() for division
* 8f56e5e5c libtasn1: Adjust the header paths in libtasn1.h
* d86df91cb libtasn1: Replace strcat() with _asn1_str_cat()
* 32fdfe600 libtasn1: Replace strcat() with strcpy() in _asn1_str_cat()
* fa498af7b libtasn1: Disable code not needed in GRUB
* 9a26abbc3 libtasn1: Import libtasn1-4.19.0
* c85c2b9f5 posix_wrap: Tweaks in preparation for libtasn1
* 4f6c46091 kern/fs: Honour file->read_hook() in grub_fs_blocklist_read()
* 792132c72 docs: Fix incorrect and potentially confusing language and minor formatting
* 1763d83f5 docs: Correct GRUB config file name for network boot
* 097fd9d9a docs: Correct chainloader UEFI secure boot info
* f48e6af11 docs: Correct PXE environment variables descriptions
* dd743ba42 loader/multiboot: Do not add modules before successful download
* 9a9082b50 grub-mkimage: Add SBAT metadata into ELF note for PowerPC targets
* f97d4618a grub-mkimage: Create new ELF note for SBAT
* f26b39860 commands/legacycfg: Avoid closing file twice
* 337cb2486 nx: Rename GRUB_DL_ALIGN to DL_ALIGN
* 31de991de kern/acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
* f5bb766e6 nx: Set the NX compatible flag for the GRUB EFI images
* 94649c026 nx: Set page permissions for loaded modules
* 09ca66673 nx: Add memory attribute get/set API
* 9fb80dd57 modules: Load module sections at page-aligned addresses
* 6e2fe134e modules: Don't allocate space for non-allocable sections
* 2b79d550f modules: Strip .llvm_addrsig sections and similar
* 246c82cda modules: Make .module_license read-only
* 616adeb80 i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global
* 95a7bfef5 i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT
* 1b1061409 i386/msr: Extract and improve MSR support detection code
* 929fafdf5 i386/msr: Rename grub_msr_read() and grub_msr_write()
* d96cfd7bf i386/msr: Merge rdmsr.h and wrmsr.h into msr.h
* 86ec48882 commands/tpm: Skip loopback image measurement
* 3808b1a9b net/drivers/efi/efinet: Skip virtual VLAN devices during card enumeration
* e5f047be0 efi/console: Properly clear leftover artifacts from the screen
* c5ae124e1 kern/riscv/efi/init: Use time register in grub_efi_get_time_ms()
* 9c34d56c2 loader/efi/linux: Reset freed pointer
* 92bed41bf loader/efi/linux: Reuse len variable
* 33cb8aecd lib/x86_64/relocator_asm: Use .quad instead of .long
* 77cd623de lib/x86_64/relocator_asm: Fix comment in code
* 95145eea5 loader/efi/linux: Update comment
* d333e8bb3 util/grub-mkimagexx: Explicitly move modules to __bss_start for MIPS targets
* 34b7f3721 include/grub/offsets.h: Set mod_align to 4 on MIPS
* ed0651673 gentpl: Put boot/mips/startup_raw.S into beginning of the image
* 648f2d16c configure: Add -mno-gpopt option for mips and mipsel targets
* f0710d2d8 lib/xzembed/xz_dec_bcj: Silence warning when no BCJ is available
* e61157bbd fs/erofs: Replace 64-bit modulo with bitwise operations
* 5313fa839 configure: Look for .otf fonts
* 33b94f2a9 loader/efi/chainloader: Do not print device path of chainloaded file
* ab1e6fc04 docs: Document all GRUB modules
* 9537f4403 commands/bli: Fix crash in get_part_uuid()
Signed-off-by: Leah Rowe <leah@libreboot.org>
The T480 has no option table, because it lacks nvram, so the
default option applies, which seems to be power on after power
failure. This is undesirable on a laptop.
It's triggered simply when your laptop battery runs out, and
once triggered, it couldn't be configured at all.
Hard-code this. The documentation will be updated later on
after this patch is pushed, telling those users who want
to change this behaviour how to modify/remove the patch,
if they wish to to do so, because some people may actually
want to run a server on the OptiPlex 3050 Micro (or if they're
crazy like I am, they will host libreboot.org on a ThinkPad).
Signed-off-by: Leah Rowe <leah@libreboot.org>
We haven't seen any build errors, but it seems flashprog
sets -Werror on CFLAGS. If you provide WARNERROR=no as
a make argument, it avoids -Werror entirely.
This is a preventative fix, for over-zealous compilers.
Signed-off-by: Leah Rowe <leah@libreboot.org>
In Debian dependencies files. These are available in
Debian Stable, but liblz4-tool is a transitional
package referring to lz4; liblz4-tool transition
package is unavailable in Debian sid, so remove it
from the dependencies files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
./mk dependencies debian --reinstall
Add --reinstall and it'll do:
apt-get install --reinstall
This can be useful when updating from a stable release
to a testing release. The variable, "reinstall" can be
configured for other distros, but it's currently only
configured for Debian-based distros.
Also, it can be anything. For example, you could add -y;
however, a 4th argument will not be accepted. For example,
you cannot do:
./mk dependencies debian --reinstall -y
If you do this, it'll only see --reinstall; similarly, if
you did this command:
./mk dependencies debian -y --reinstall
then -y would be passed, but not --reinstall. This is an
intentional design decision, in case you accidentally pasted
or subshelled something that outputted something undesirable,
to prevent possible abuse.
Signed-off-by: Leah Rowe <leah@libreboot.org>
When doing ./mk release, the build system would create
symlinks inside xbmkpath/ relative to the current work tree,
which will differ from what's in PATH.
Since XBMK_CACHE is already set globally, from the main work
tree and the release-build work tree, that means we can know
reliably that PATH is always correct if we put xbmkpath/
inside XBMK_CACHE.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit 7813205146.
I'm doing changes for 20241206 rev8. It was a mistake to
remove these; they will be removed again, after rev8.
The documentation standardised on ./mk a while ago now, and
it's almost time to remove these commands. However, anyone
using the old commands ought to be able to, up to and including
any revision of the Libreboot 20241206 release.
It is my intention that these legacy commands finally be
removed for the next testing release, as part of a much wider
build system audit that I'm doing between now and then.
(Libreboot Build System Audit 7 is underway, and several of
these early audit7 changes are going on 20241206 rev8; after
that, I will create a branch named 20241206_branch off of rev8,
and anything in master from then on will contain much wilder
changes, with more conservative changes in 20241206_branch)
Signed-off-by: Leah Rowe <leah@libreboot.org>
Tested on Debian Sid, as of 30 December 2024, which uses
Swig 4.3.0. Context here:
commit a63456b9191fae2fe49f4b121e025792022e3950
Author: Markus Volk <f_l_k@t-online.de>
Date: Wed Oct 30 06:07:16 2024 +0100
scripts/dtc/pylibfdt/libfdt.i_shipped: Use SWIG_AppendOutput
This patch from U-Boot upstream has been backported to the
release revision used by Libreboot. Swig has, since 4.3.0,
changed the language-specific AppendOutput functions, but
the helper macro SWIG_AppendOutput is identical; therefore,
upstream switched to this function.
The benefit of this fix is that since the newly used macro
is also the same on older Swig versions, and behaves the same,
this shouldn't fix building on older Swig versions. For reference,
the initial Libreboot 20241206 release, and revisions of it before
revision 8, was built on Debian 12 which uses Swig 4.1.0.
The rev8 release will still be compiled on Debian 12, but with
this change, it should also compile on Debian Sid, and bleeding
edge distros like Arch Linux.
Signed-off-by: Leah Rowe <leah@libreboot.org>
In general, we don't want to mess with the hostcc, unless
we have to. To avoid other breakage, clear what we did
after crossgcc has compiled.
This is a follow-up to the previous patches, matching gcc
to gnat versions and vice versa, when compiling crossgcc.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i intend for this function to work generically,
matching gnat to gcc or gcc to gnat, but there was
a hangover from the previous code where it specifically
assumed we were matching gnat
this bug manifested when i tested with gnat being v13
and gcc being v14 in path, where gcc-13 was also
available in path.
Signed-off-by: Leah Rowe <leah@libreboot.org>
on debian trixie/sid after updating from stable,
sometimes gcc 13 and gnat 13 are both available, but
gcc resolves to gcc-14 and gnat-14 isn't available.
even when gnat-14 and gcc-14 are available, gnat will
still either resolve to gnat-13, or nothing at all.
in cases where gnat-14 is unavailable, but gcc and gnat 13
are both available, we should match gcc to gnat.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Remove all symlinks each time, to ensure that no
stragglers are left behind, since they are being
re-generated each time anyway.
The code for determining version numbers has now
been unified under gnu_setver()
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were checking the shorthand version number, but
the precise version numbers need to match.
Also: when we searched $PATH/gnat-$gccver, we assumed
that the full version would then match, without checking
it, so now it is checked precisely.
Signed-off-by: Leah Rowe <leah@libreboot.org>
When doing e.g. $@ we should use double quotes to prevent globbing.
Thanks go to XRevan86 for pointing this out.
Signed-off-by: Leah Rowe <leah@libreboot.org>
because if it says yes to everything, and the package
manager would otherwise ask whether you want to give
it your first born son, you are therefore agreeing to it.
so remove -y for safety
Signed-off-by: Leah Rowe <leah@libreboot.org>
When I tested Debian Trixie, and Debian Sid, I saw that
GCC in PATH pointed to gcc-14, but gnat in path pointed
to GNAT-13, even if you manually install gnat-14.
GNAT 14 was marked experimental, but GCC 14 was marked
for use, in the apt repositories.
So this patch doesn't address the mismatch when doing e.g.
apt-get install gcc gnat
I will address the actual package dependency in a follow-up
patch, on the Debian dependencies config.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Hyperthreading is a risk factor for spectre/meltdown
and other attacks.
Disabling it is a best practise. Those who need it
can always turn this option back on. Otherwise, disabling
it by default is a simply courtesy to the average user,
in the interest of security.
Signed-off-by: Leah Rowe <leah@libreboot.org>
SeaBIOS was lagging a lot, on startup and when executing
almost any payload, especially when doing anything in the
ESC menu.
I set the debug level to *21*, and thoroughly analysed the
logs. I found entries such as this:
Checking for bootsplash
WARNING - Timeout at wait_reg8:81!
TCGBIOS: Return value from sending TPM2_CC_StirRandom = 0x00000000
WARNING - Timeout at wait_reg8:81!
TCGBIOS: Return value from sending TPM2_CC_GetRandom = 0x00000000
WARNING - Timeout at wait_reg8:81!
TCGBIOS: Return value from sending TPM2_CC_HierarchyChangeAuth = 0x00000000
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc16e
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc1c5
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc211
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc25d
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc2a9
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc2f5
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc341
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc38d
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc3d9
Searching bootorder for: HALT
Mapping hd drive 0x000f49e0 to 0
I'm not quite certain what the problem is, but disabling TPM2
made the problem go away; SeaBIOS is snappy again.
TPM is security threatre anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Previously serprog_rp2040, but we now also support
the RP2530 boards.
Therefore, serprog_pico is a nice generic name. The
directory on release archives will now be serprog_pico
instead of serprog_rp2040; it will contain serprog images
for both RP2040 and RP2530 devices.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this brings support for a new microcontroller platform rp2530.
total number of pico boards supported now: 97
TEST: built them all
Tested-by: Riku Viitanen <riku.viitanen@protonmail.com>
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
rp2040 and rp2530 platforms can't share a cmake build directory. we
could just delete the build directory after every compilation, but that
would be really wasteful (every tool would need to be recomiled every
time. instead create new build directories as new plaforms are found
and symlink them to the point where the build directory used to be.
to find out which platform we're compiling for, we crudely parse the
board headers file.
there surely would be better ways to do this, but this hack works
with all the boards in pico-sdk 2.1.0.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
change python3-distutils to python3-distutils-extra
the latter is still available in debian sid, but not
the former. however, installing this should still
provide the additional files required.
with this, the debian script is now compatible with
both debian sid and debian stable(bookworm, presently).
Signed-off-by: Leah Rowe <leah@libreboot.org>
set this variable in the tmpclone function. otherwise,
certain submodules might always download every time,
when handling multiple projects.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The Libreboot 20241206 release provided FSP pre-assembled
and inserted into the ROM images; the only file inserted
by vendor.sh was the Intel ME.
Direct distribution of an unmodified FSP image is permitted
by Intel, provided that the license notice is given among
other requirements. Due to how coreboot works, it must split
up the FSP into subcomponents, and adjust certain pointers
within the -M component (for raminit).
Such build-time modifications are perfectly fine in a coreboot
context, where it is expected that you are building from source.
The end result is simply what you use.
In a distribution such as Libreboot, where we provide pre-built
images, this becomes problematic. It's a technicality of the
license, and it seems that Intel themselves probably intended
for Libreboot to use the FSP this way anyway, since it is they
who seem to be the author of SplitFspBin.py, which is the
utility that coreboot uses for splitting up the FSP image.
Due to the technicality of the licensing, the FSP shall now
be scrubbed from releases, and re-inserted.
Coreboot was inserting the -S component with LZ4 compression,
which is bad news for ./mk inject beacuse the act of compression
is currently not reproducible. Therefore, coreboot has been
modified not to compress this section, and the inject command
doesn't compress it either. This means that the S file is using
about 180KB in flash, instead of about 140KB. This is totally OK.
The _fsp targets are retained, but set to release=n, because these
targets *still* don't scrub fsp.bin; if released, they would
include fsp files, so they've been set to release=n. These can
be used on older Libreboot release archives, for compatibility.
The new ROM images released for the affected machines are:
t480_vfsp_16mb
t480s_vfsp_16mb
dell3050micro_vfsp_16mb
Note the use of _vfsp instead of _fsp. These images are released,
unlike _fsp, and they lack fspm/fsps in the image. FSP S/M must
be inserted using ./mk inject.
This has been tested and confirmed to boot just fine.
The 20241206 images will be re-compiled and re-uploaded with this
and other recent changes, to make Libreboot 20241206 rev8.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We only use ./mk now.
./build still exists for now. This will be removed
in a future revision, when the trees script is removed
and merged with the main script.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use ./mk instead, because in a future change to lbmk,
only ./mk will be used and the other commands will
be removed.
with this change, the ./vendor, ./build and ./update
commands are no longer used. these commands still work,
for backwards compatibility, but they are deprecated.
Signed-off-by: Leah Rowe <leah@libreboot.org>
When vendor files were not needed on a given board,
the script would directly exit. This is bad, because
the inject functions are called directly from the main
script, which means the parent instance of lbmk.
This means that the lock file and temporary files were
not being removed on exit. On a subsequent run, this
would cause the error stating that a lock file is present,
which would cause further error, making the user believe
something is broken in lbmk.
Modify the behaviour accordingly; exits are now returns,
and these are handled in the calling functions, in such
a way that a proper exit occurs, whereby temporary files
and the lock file are deleted.
For context, please read the main "build" script where
it calls vendor_inject and vendor_download. At the end
of that script, it calls tmp_cleanup, which removes the
TMPDIR that was created, and the lock file. In lbmk,
the TMPDIR is not /tmp, but rather a subdirectory
under /tmp, so that further calls to mktemp create
everything under one single temporary directory, which
lbmk automatically removes on exit.
Therefore, this patch also avoids leaving temporary files
laying around on the disk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The appdir.patch file was used on the older deguard
version, prior to Mate Kukri's rewrite. This patch is
no longer required, and no longer used, so it can be
removed safely from lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The exit was dependent upon install_packages returning
zero status, which it always would in practise, due to
its design, but this exit must always be observed, so
the code has been modified to honour this design.
A direct exit violates lbmk's design in most instances,
where a temporary directory and lock file has already
been created; at this stage, no such act was performed,
so a direct exit is perfectly acceptable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we needed these for extracting intel vga roms from
lenovoo updates, for t480, very briefly. about an hour
after i pushed that patch, mate kukri fixed libgfxinit
and then i removed the vgarom integration because it
wasn't needed anymore.
however, i forgot to remove geteltorito/mtools from
dependencies. some distros like fedora were problematic
about it.
the best thing about bugs is when you don't have to fix them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in this setup, seabios is never the default payload, grub is,
but only if grub is enabled.
set this in target.cfg:
payload_grubsea="y"
if payload_grub isn't enabled, this is auto-set to n
ditto if initmode=normal
NOTE: if flashing libgfx setups, you should make sure
that you're not booting with a graphics card, only intel
graphics. this setting will intentionally not be documented,
because it's not recommended, but is being implemented for
testing purposes (and i implemented it for some guy who i
think is cool). i'll probably also use this myself, since
i already do grub-only setups on all my own machines.
seagrub is the default on x86 because of past instabilities
with grub. to mitigate in case of future issues, since seabios
is always stable, we reduce the chance of bricks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we encountered 1MB flash so far, but we may encounter other
sizes on other machines when added to libreboot later on
Signed-off-by: Leah Rowe <leah@libreboot.org>
Though not used in coreboot builds, and not injected into the
builds in any way, these files are now created seperately when
handling T480/T480s vendor files:
vendorfiles/t480/tb.bin
vendorfiles/t480s/tb.bin
These are created by extracting Lenovo's ThunderBolt firmware
from update files. The updated firmware fixes a bug; older firmware
enabled debug commands that wrote logs to the TB controller's
own flash IC, and it'd get full up with logs, bricking the controller.
If you've already been screwed by this, you must flash externally,
using a padded firmware from Lenovo's updates.
Lenovo's own updater requires creating a boot CD or booting
Windows. This patch in lbmk auto-downloads just the firmware,
and you can flash it externally.
You could simply do this as a matter of course, when installing
Libreboot. You are recommended to update the Lenovo UEFI/EC firmwares
first, before installing Libreboot; please look at the Libreboot
documentation to know exactly which versions.
Then dump the ThunderBolt firmware first, to be sure, and then you
can flash these files. Flashing these updates will prevent the bug
described here:
https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t480-type-20l5-20l6/20l5/solutions/ht508988
You can download Lenovo's installers for various ThinkPad models
there, including T480s/T480s. It is these downloads that this lbmk
patch uses, to extract those files directly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
libreboot has a lot of users worldwide, some of whom live in
countries that punish being gay; if they look at libreboot or
boot it and it has the pride colours on it, it could actually
get them in trouble.
this fact occured to me, and i've decided therefore to revert
back to the boring plain logo.
though, perhaps we could actually properly design a new logo?
a new, modern logo, and a nicer website.
we'll see!
This reverts commit 401efb24b2.
for some reason, when the background is in memdisk, inserting
it into cbfs afterward doesn't override, despite this
being the behaviour in grub.cfg
put it in cbfs explicitly, and skip inserting into memdisk
Signed-off-by: Leah Rowe <leah@libreboot.org>
see patch for rationale. this should prevent instability caused
when the nvme randomly replugs under linux. sometimes e.g. nvme0n1
becomes nvme0n2 while the system is running.
in my case, that caused my raid1 to become unsynced every few days.
this issue was fixed on t480 by disabling pcie hotplug for its nvme
device, so the same fix has been applied for dell optiplex 3050 micro.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this was done with the following command:
./mk -u coreboot t480s_fsp_16mb t480_fsp_16mb
it was set to 256 but should be 512. the SPD is what
contains configuration data for raminit, which training
code uses so that the timings will be correct. if the SPD
size is wrong, the machine won't boot
in practise, lbmk always runs "make oldconfig" on
a coreboot config, before building it, so this was
already being corrected automatically at build time.
however, if that fact ever changes in the future, this
wrong configuration would cause the machines not to boot.
therefore, this can be considered a preventative or perhaps
pre-emptive bug fix.
this fix does not need to be applied to the 20241206 release,
because of the behaviour described above. the final ROM images
do have the spd size set correctly to 512, because of this
design feature in lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the previous commit changed an mv to a cp. what it hacked
was actually a relic of the vgarom download patch that i
did for t480, before mate got native video init working.
this patch is the better fix. i double checked to be sure,
and nothing was using the files at the copied location.
the _extracted directory under cache gets deleted later on,
so it's perfectly acceptable to keep.
the other alternative would have been to simply change
the path in the sch5545 function to appdir, instead of
the cache dir, but who really cares?
this patch removes bloat from lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I should have copied the extract directory, in cases
where it appears as filename_extracted/ under cache/,
but I was moving it instead.
Both locations (cache/file/*_extracted/
and vendorfiles/appdir/) get deleted, on every run of
the vendor script, per target, so this is OK.
The only sin is additional use of disk space, for
archives that are mostly very small and get immediately
deleted anyway.
This one lbmk bug, minor though it may be, prevented
the Libreboot 20241205 release, which (since it's now
the 6th of December) will become Libreboot 20241206
instead - and that gives me time to contemplate whether
I want to do one more change that I had planned for the 5th!
Signed-off-by: Leah Rowe <leah@libreboot.org>
Nope! Bootflow menu is cursed on this machine.
Too many issues in U-Boot on this machine. I did however
boot a Debian installer after it booted, using bootflow.
The installed system wouldn't boot with bootflow, but I could
then boot it with "bootefi bootmgr".
I'll rig up a uart on the T480 when I get round to it and
start investigating U-Boot bugs on this board.
I don't want people flashing something that doesn't work.
GRUB and SeaBIOS work, so ship those, and don't ship U-Boot.
This reverts commit 19ec440a6f.
u-boot does work after a few reboots. it just boot loops.
let it run. it should be able to boot from nvme. sata still needs
some work (sata only works in grub, on this machine)
This reverts commit cd9baca5d6.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's green there. different colour scheme apparently.
still works on x86. alper said his kevin chromebook was green!
Signed-off-by: Leah Rowe <leah@libreboot.org>
The bootflow menu is already the default boot command on x86. Switch
arm64 boards to that as well, so instead of booting the first thing we
find, we can easily choose what to boot.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Otherwise, you have to press enter to boot your distro.
With this, a timeout is created. After a number of seconds,
which can be reconfigured, the first option selected will be booted,
when generating a bootflow menu.
The timeout is disabled when you navigate the menu; it only
kicks in if you don't input anything on the keyboard.
More information about how this works is in the U-Boot patches,
within this patch. I've set the timeout to 8 seconds.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, you have to press enter to boot, which is unacceptable
for headless operation.
Pressing anything other than enter an an option, such as the arrow
keys, will disable the timeout.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is used for factoryy bios dumps, in cases where
boards require extraction of ME and so on,
instead of downloading online.
Signed-off-by: Leah Rowe <leah@libreboot.org>
On coreboot for example, as Mate has told me, if you're
making Kconfig changes and re-compiling, sometimes the
actual image that you build might still have the old one
in it, due to how coreboot's build system works.
To mitigate this, you can just always run distclean before
doing the build, but lbmk was doing just clean.
In practise, we did not find any issues, but this change should
be harmless, and might prevent such issues in the future. It's
even possible that we might have already encountered this before
and not realised, and we were just lucky that no noticeable issues
were caused.
It's *also* possible that the reverse is true: an issue that
was previously covered up, then that issue will now be exposed.
However, if that turns out to be true, then that is good because
we are exposing said bugs and then we will know to fix them!
Anyway, the variable in target.cfg is:
cleancmd="whatever_you_want"
e.g.
cleancmd="distclean"
You may also specify this in global mkhelper.cfg files, per
project; I've already done this for SeaBIOS, coreboot
and U-Boot, since all of these use Kconfig files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Patchset 20 from:
https://review.coreboot.org/c/coreboot/+/83274/18..20
Updated to that. A bunch of changes I made locally have been
copied here, thus removed from lbmk.
The previous setup in lbmk was to have only the DIMM slot work,
on the ThinkPad T480S, without setting up SPD for the onboard RAM>
Mate Kukri reverse engineered the scheme by which the SPDs are
chosen at boot, based on the wiring of the board. This should
just about match the way Lenovo did it in their firmware.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This fixes an error where nvme disappears and gets renamed
on s3 resume. Mate Kukri told me to test that and it worked.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Libreboot's binary blob reduction policy is crystal clear:
If a blob can be avoided, it must be avoided.
The ThinkPad T480 was using Intel's VGA ROM for graphics
initialisation very briefly, before Mate fixed libgfxinit.
Since libgfxinit is fixed, the Intel VGA ROM is obsolete,
so we should not be handling this at all.
Similarly, the Nvidia ROM handling has been removed, because
Mate is hard-disabling that in the coreboot code anyway, since
the Nvidia dGPU didn't work when tested anyway.
Even if it did, Libreboot's blob policy makes it clear
that Intel graphics with native init from coreboot is to
be the preferred option.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I also enabled this on T480S, because otherwise SeaBIOS hung.
Enabling it shouldn't cause any harm on the T480, though Mate
did say that his machine seemed to work with my setup.
However, I believe that was when I gave him the ones that lbmk
built with the VGA ROM. Now it builds with libgfxinit, because
Mate was able to fix libgfxinit on this machine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Added t480s delta to deguard, for MFS config.
Updated coreboot/next to latest t480 patch set,
which includes t480s. This porting was done by
Mate Kukri.
also includes experimental t480s support
Also added a data.vbt file (not in the gerrit patch)
for the T480s.
I had to turn on 8254 legacy timer on t480s, otherwise
SeaBIOS would hang. Same issue I saw on OptiPlex 3050 Micro.
Minor issue:
On S3 resume, nvme0n1 for example got renamed to nvme0n2.
This caused a crash if running Linux from the nvme. I confirmed
this via live USB distro. So this port will need some tweaking
before it can be considered stable.
Also uses libgfxinit, which Mate recently fixed. I'm
going to enable libgfxinit on regular T480 next.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This uses the excellent deguard utility, written by
the excellent Mate Kukri.
A few bugs but it mostly works. Documentation to come
shortly, in lbwww.git.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I'm adding ThinkPad T480 support next, which requires
the new revision of deguard. Mate Kukri changed the way
deguard is used, in a rewrite of the project, so lbmk
has to change too.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We need to initialize the USB subsystem before we can use USB devices
like keyboards and external disks, by running `usb start`. Use the
PREBOOT config option to run the necessary command before U-Boot tries
to automatically boot anything. It's already enabled for boards other
than gru_kevin and gru_bob, so just update those two configs.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Set default U-Boot revision to v2024.10 and rebase patches on top of
that. The video subsystem now has switched to using the 'cyclic'
mechanism, so the code around one of the video patches changed a bit.
x86 boards were already switched to v2024.10. Update U-Boot for the
remaining ARM64 boards as usual:
- Turn old configs into defconfigs (./update trees -s u-boot)
- Save the diff from old upstream defconfig (diffconfig $theirs $ours)
- Update U-Boot revision, rebase patches, and clean old trees
- Prepare new U-Boot tree (./update trees -f u-boot)
- Review the diffconfigs to see if any options were renamed upstream
- Copy over the new upstream defconfigs and apply earlier diff
- Turn new defconfigs into configs (./update trees -l u-boot)
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Otherwise, if PATH was set before, it will be re-used
again in the next pass. We previously unset CROSS_COMPILE
to avoid using the wrong cross-compiler when switching to
another target within a multi-tree project such as U-Boot.
Well, PATH was also being set, to use coreboot xgcc first.
This is fine, but the next target may not use the same one.
This patch solves a similar problem to the following patch
which was mentioned above:
commit 637c0a1521
Author: Leah Rowe <leah@libreboot.org>
Date: Tue Nov 19 02:52:28 2024 +0000
trees: unset CROSS_COMPILE per target
Signed-off-by: Leah Rowe <leah@libreboot.org>
Since U-Boot must be inserted at a specific offset, it's
theoretically possible that other files might overlap, but
cbfstool will work around wherever U-Boot was inserted if
it was inserted first; we don't use specific offsets for
the other files.
This is technically a preventative bug fix, but it fixes
a bug that would probably never occur in practise.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is not a main script, and should not be treated as such;
it must never be directly executed by the user.
This script was only ever used inside other scripts, so the
shebang didn't seem to do much at all, but it shouldn't be
there anyway.
Remove it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
openssl-devel was split up in Fedora 41, and this package is required to build libreboot
on Fedora 41.
This was reported by "tweezers" on #libreboot.
Signed-off-by: Mate Kukri <km@mkukri.xyz>
This uses the "normal" config. Previous changes prevent
U-Boot images being built for this anyway, but it does
yield a warning message.
Remove the warning at the source.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The "normal" mode in lbmk is where no built-in GPU exists,
or no libgfxinit is used, and SeaBIOS is the first payload,
and SeaBIOS executes VGA ROMs (can't know if it'll start
in VESA or text mode).
U-Boot needs a VESA framebuffer or native coreboot
framebuffer to work correctly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Same concept as SeaGRUB, but for U-Boot. SeaBIOS starts, but
has a bootorder file loading U-Boot first, from flash.
You can interrupt it with the ESC menu, to boot something else
in SeaBIOS, including GRUB.
With this, we can effectively provide extremely user-friendly
UEFI-first setups in Libreboot.
Take that, edk2!
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is a patch from Simon Glass. U-Boot clears the display
when it starts up, but was asking the VESA driver to do the
same, needlessly; this patch avoids the latter.
A further patch is also included, which provides a better
message when jumping into long mode on the SPL (64-bit) target,
dumping it on the serial console instead of using printf.
Signed-off-by: Leah Rowe <leah@libreboot.org>
For some reason, 32-bit U-Boot only works when executed from
GRUB, but not SeaBIOS; 64-bit U-Boot only works from SeaBIOS!
This will have to be investigated. Standalone U-Boot, where
U-Boot is the primary payload, has not yet been tested in
Libreboot, and will not be provided for some time due to
stability concerns. More testing is needed!
Signed-off-by: Leah Rowe <leah@libreboot.org>
U-Boot was hanging on hardware, but not Qemu. This is because on
the machines tested, namely the X200 and E6230 laptops supported
in Libreboot, the UART was disabled from coreboot.
This U-Boot patch from Simon Glass works around the issue by
silently disabling the UART when it isn't there. Instead,
output is sent to the display and U-Boot no longer hangs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
It's really buggy on hardware. Disable for now.
I've contacted Simon Glass on IRC, asking about hardware.
Signed-off-by: Leah Rowe <leah@libreboot.org>
It's a new experimental payload in Libreboot, so we may aswell
start with the very latest release of U-Boot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's important that we maintain realistic expectations.
x86 u-boot is not yet fully stable, so mark it as such.
Signed-off-by: Leah Rowe <leah@libreboot.org>
When building a coreboot image, if they enable the
x86 U-Boot payloads, sometimes what happens is you
have CROSS_COMPILE set, for i386-elf, but then it's
still set to that when later building 64-bit U-Boot,
which needs x86_64-elf.
We currently rely on hostcc to build U-Boot.
To mitigate this, unset CROSS_COMPILE in the main
loop of the trees script, for building project targets.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Currently seems to stall when booted from the GRUB
payload, but works when booted from the SeaBIOS menu.
I also tested it as a standalone payload and it seems
to boot. Will test on hardware next, and start adding
it to more mainboards.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also bring the coreboot/next modules in line with
the recent merge that did away with coreboot/dell7
the submodules for coreboot/haswell were still there,
and have now been deleted; the haswell tree was used
for the NRI patches, which were moved to /default some
time ago
Signed-off-by: Leah Rowe <leah@libreboot.org>
coreboot/dell7 is now part of coreboot/next, which in turn
has been updated, to accomodate 3050 micro patchset 18:
https://review.coreboot.org/c/coreboot/+/82053/18
It incorporates my Verb/VBT patches, which are therefore
no longer included separately.
Mate has fixed the USB config; see diff for details.
The configuration of USB ports was wrong, before.
Signed-off-by: Leah Rowe <leah@libreboot.org>
NOTE: Support added for xarch target x86_64-elf,
but U-Boot failed to build with this error:
OBJCOPY lib/efi_loader/helloworld.efi
x86_64-elf-objcopy: lib/efi_loader/helloworld_efi.so: invalid bfd target
make[2]: *** [scripts/Makefile.lib:476: lib/efi_loader/helloworld.efi] Error 1
Since I'm building U-Boot for x86_64 *on* an x86-64
host, and since that is currently the recommended type
of machine to use for lbmk development, and since the
other x86 payloads currently don't cross compile anyway,
this is an acceptable compromise for now. This is because
at present, I'm not making U-Boot the primary payload on x86,
instead preferring to chain it from GRUB and SeaBIOS.
The target.cfg file for x86 u-boot shows xarch/xtree commented.
Uncomment these to compile on crossgcc instead of hostcc.
I mention 64-bit because I initially did this first, but decided
to do 32-bit first. I'll work on the 64-bit one next (SPL).
It's only enabled in QEMU for now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
There were a lot of unnecessary patches, such as the VRAM
patches; as Nicholas Chin has explained to me, the drivers
for these machines will just allocate what RAM they want
anyway, so in a lot of cases the extra allocated Video RAM
simply reduces the total amount of memory for other uses.
In general, we have a lot of patches that have existed for
years. A much more aggressive sweep will be done in the next
major audit, especially when the revisions are updated again.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Thanks go to Nicholas Chin and Lorenzo Aloe for working on
and testing this code. Based on the 780 MT port.
Signed-off-by: Leah Rowe <leah@libreboot.org>
pin mod needed (soldering) but according to mate, you
can use some coffeelake CPUs on these machines, despite
them being intel 7th gen. this includes 8-core chips.
this patch enables the software configuration in coreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is for blanking the ME region on release builds.
This is required for lbmk when doing Libreboot releases,
on images that use an Intel ME region.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I reset it temporarily back to 1.16.3 when testing the
SeaBIOS hanging bug on 3050 micro, but the revision had
no effect; the bug was caused by a bad coreboot config
Signed-off-by: Leah Rowe <leah@libreboot.org>
Remove what is now unnecessary bloat, for ensuring that
GRUB is the primary payload; SeaGRUB is the only preference,
as per lbmk design.
The SeaBIOS hanging issue was fixed, so SeaGRUB is OK now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Again, I'm adapting the config to be as close to the
coreboot one as possible. I compiled directly from coreboot
earlier, and got SeaBIOS to work on my 3050.
I'm matching the setup as closely as possible. Once it works,
I can use that in a Libreboot release but then debug why the
old config wasn't working.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I'm eliminating as many differences as possible between lbmk's
setup, and the setup that is default when simply building from
the gerrit patch, directly in coreboot, by just picking the
mainboard; in this way, coreboot picks SeaBIOS as payload. I
already changed the SeaBIOS configs, in the previous patch.
Upon testing, this seems to have fixed the SeaBIOS hanging. I
need to have both of these options selected, or SeaBIOS hangs
just after it says "Press ESC" for the boot menu.
With this config change, SeaBIOS does not hang; instead, it shows
the list of devices as normal, and boots your machine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This diff matches the setup currently used in coreboot.
I'm eliminating as many differences as possible, while
I test the SeaBIOS hanging issue on Dell Optiplex 3050 Micro.
The actual SeaBIOS configs have also been modified, to match
the coreboot config.
Signed-off-by: Leah Rowe <leah@libreboot.org>
- Update the MEC5035 S3 patches to the versions that were sent upstream
to prevent conflicts with subsequent patches for that EC.
- Update the patch that enables the S3 SMI handler in mainboard code so
that all Latitudes use the handler.
- Add a new patch that tells the EC to route power button events to the
host so that the OS can decide what to do. Without it, the EC powers
off the system without letting the OS cleanly shut down.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
Specifically, use the same revision that Mate used in patchset 15.
This will ensure that any issues are *not* caused by the coreboot
revision; this is being done, because the old coreboot revision was
from July, but patchset 15 from Mate is based on a September revision
of coreboot.
I've been eliminating as many variables as possible, trying to fix
SeaBIOS payload on this machine, because it hangs in Libreboot, but
not when building from gerrit directly, which means the coreboot
revision may be a factor (since I'm using his patches on an older
revision so upstream might have made some changes since then that
the port relies on).
For this, a new coreboot tree is used, called "dell7", referring to
the fact that Kabylake is Intel's 7th generation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Use patchset 15 instead of 14:
config/coreboot/default/patches/0061-WIP-OptiPlex-3050-Micro-port.patch
Rebase the verb patch; patchset 15 modified the Makefile:
config/coreboot/default/patches/0064-dell-optiplex_3050-add-hda_verb.c.patch
We were using patchset 14 for the 3050 micro:
https://review.coreboot.org/c/coreboot/+/82053/14
Now we use patchset 15:
https://review.coreboot.org/c/coreboot/+/82053/15
Without this patch, the fans are always on a low setting, on
the Dell OptiPlex 3050 Micro, even under stress conditions. With
this patch, the fans change speed according to CPU temperature.
I had to rebase my verb patch, because Mate modified the Makefile
to add his sch5555 handler, on the same line where I add hda_verb.
Mate tells me he will merge my verb and vbt patches into a further
patchset later on. For now, I've simply rebased these patches on
top of Mate's newer work; I've told him he can use them in his port.
I'm probably going to now issue a new revision ROM image for
Libreboot 20241008, so that users can get this fix sooner.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the .git directory never exists anyway, when doing a release,
so the purpose this is intended is defeated by lbmk's design.
individual headers say "pcsx-redux team" as copyright anyway,
and the code for generating that COPYING file, with MIT license
and correct years (matching the entire source code for the
open bios) remains correct.
a mitigation instead of this patch might be to maintain a hardcoded
list of authors, and manually update it over time, but this is not
required. however, it may be good practise for upstream to maintain
such a file. perhaps i should contact them?
Signed-off-by: Leah Rowe <leah@libreboot.org>
Due to quirks in how caching works in lbmk, this may be
error-prone. I'll properly address it in the next audit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Riku used this for debugging, when adding the MXM support
to the HP EliteBook 8560w port. It will be useful for other
work that I have planned, so I'm archiving this too!
Riku has a lot of useful code, that I meant to import ages ago.
Once I'm done importing these in lbmk, I'll add backup repos.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Based on hell's code, but parses inteltool logs.
This will be useful for ports that I have planned, so
I'd like this to be included with Libreboot releases.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Used to dump MXM config for a given mainboard. We used this
for the HP EliteBook 8560w.
I meant to import this via config/git/ ages ago.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in the following important fix:
commit d128a0ae87086b37c0e5d7a8d934bcdee173402f
Author: Nicholas Chin <nic.c3.14@gmail.com>
Date: Fri Sep 27 22:57:22 2024 -0600
flashchips: Remove unsupported erase blocks for Winbond W25X{16,32,64}
This family of chips does not support the 0x52 (32 KiB block erase) and
0x60 (chip erase) opcodes according to their datasheet.
The full list of changes this brings in is as follows:
* d128a0a flashchips: Remove unsupported erase blocks for Winbond W25X{16,32,64}
* c6a924a Don't mention writing when erasing only (-E)
* dac4239 ch347_spi: Add 'spimode' parameter
* 56d236b chipset_enable: Add some newer AMD code names
* 3b9f152 chipset_enable: Probe AMD SPIBAR first and bail on ff
* 522160f meson: Add ft4222_spi
Nicholas Chin's patch fixes a bug on GM45 ThinkPads, where WX25
ICs (Winbond) could be read, but writes would fail in certain
cases because flashchips.c provided incorrect block erase commands.
This is unrelated to the --workaround-mx patch, for Macronix ICs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The deguard utility is executed within a subshell, and
the subshell does not handle error status. This patch
fixes that, so that the main shell also exits non-zero.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I was build-testing gru_bob on an arm64 host, and got a
build error when compiling U-Boot.
Python.h missing - installing python3-devel fixes it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I added support earlier, on rom.sh, but the main build script
specifically defines which projects are to be compiled. I've
modified it so that pcsx-redux (just the BIOS part) will also
be compiled.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I also checked the copyright declarations in the
directory src/mips/openbios where the PCSX-Redux BIOS
is, gleaning all the copyright years: 2019-2024 at this
time.
The years will be updated as and when PCSX-Redux is
updated in lbmk. Their BIOS is under MIT so I made lbmk
generate an appropriate COPYING file alongside the binary,
containing:
Copyright (c) 2019-2024 PCSX-Redux authors
Along with the actual text of the MIT license. With all
of this, the PCSX-Redux BIOS can now be included in
Libreboot releases.
No actual tarball is created. The release script in lbmk
simply copies the bin/ directory to ../roms
I'm leaving the PCSX-Redux BIOS release uncompressed,
because, and this will sound patronising because that is
my precise intention: Windows users don't know how to do
anything. If I provide a tarball to Windows users, they
won't know what to do. Libreboot releases always go on rsync
mirrors, which also have HTTP servers with indexing enabled,
for browsing release files.
I mention Windows users, because most people who use the PCSX
Redux BIOS will probably use it on a PlayStation emulator, and
most emulator users are on Windows. I can't really be bothered
to provide it as a .zip archive, and it's only 512kb, so just
provide it uncompressed in Libreboot releases!
Releases were already possible under this scheme, so this
patch really just adds the COPYING file. It's simply a courtesy
to the PCSX-Redux developers, providing proper credit to them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
on 3050micro, we disable seabios as a primary payload,
making grub a pribary payload instead.
the way it worked, the roms were still named seagrub
and the seabios rom would be compiled, but with the wrong
path, so seabios wouldn't be executed; seabios would hang
anyway, on this board.
instead, engineer it in such a way as to disable seabios_
images on this board. also, rename seagrub_ to grub_.
i normally only permit seagrub, and not grub, but i make an
exception for 3050micro because we know grub works, but seabios
currently hangs on this board (which means no bsd).
Signed-off-by: Leah Rowe <leah@libreboot.org>
SeaBIOS is known to hang on this board. It is being investigated.
Add two variable options for target.cfg files:
* seabiosname
* grubname
This string defines where it would be located in CBFS.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in some cases, on a fresh clone, the cached repo already
exists but lbmk tries to download it again. work around
this by checking that the directory exists; it's in the
main if statement, so that the "else" still applies. as
a result, the fallback to a live repo would un-fall back
to doing git-pull if the cached directory exists exists.
if it doesn't seem to make sense, it's because it doesn't.
this whole function needs to be rewritten better.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is using Mate Kukri's port, which was added in
previous lbmk revisions. I've added an IFD that sets
the HAP bit, and unlocks regions as standard.
vcfg is set to 3050micro, which defines downloading
of the MEv11 image and it will run deguard automatically.
I made a small adjustment to vendor.sh, because the hotpatch
logic for deguard uses -C in git, and when doing that, the
specified directory path is relative to that Git repository;
the .patch path has been adjusted accordingly.
Also add 3rdparty/fsp to coreboot/default modules.
This board requires the ifdtool option: -p sklkbl
The -p option tells flashrom what quirks are present in a
given IFD. We don't normally need this on other Libreboot
targets that we currently support. The -p option was needed
for creating this modified IFD, and it is therefore needed in
the inject script. Therefore, an "IFD_platform" option is
specified in a given board's target.cfg file. If this is set,
another variable is set that makes -p be used.
In this case, 3050's target.cfg says:
IFD_platform="sklkbl"
This option enables quirks for skylake/kabylake descriptors,
as required when using ifdtool.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Pretty much just copied the T1650 directory in config/,
then changed the board to 9010 SFF in menuconfig.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Add patches to convert the E6400 port into a GM45 Latitude variant and
add the E4300 as another variant, and create a config for the E4300.
Tested on my E6400 and E4300.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
I also added a "cleanargs" argument, similar to the makeargs
argument, to work around a build error.
This builds the PCSX-Redux PS1 BIOS. They reverse engineered
the Sony PS1 BIOS and wrote a free one under MIT license.
Run this:
./mk -b pcsx-redux
The file will appear: bin/playstation/openbios.bin
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't need the entire emulator, but we will be using
a specific part: src/mips/openbios
third_party/uC-sdk submodule is included, because it
contains the necessary header files when building open bios.
I will be adding Sony Playstation support to Libreboot,
alongside a new emulator project to be announced soon.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Dell OptiPlex 3050 Micro
I ran ./mk -u coreboot, to update existing configs
after merging. Actualy IFD and coreboot configs will
be done in the next revision. I've already added logic
for handling deguard, in preparation for this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Copy the downloaded deguard source code into appdir,
and patch it to run as part of lbmk, instead of
standalone. The archived one in src/ is not directly
used; instead, the hotpatched version is used.
This is because the standalone version already has
download logic for the .zip file, but we already
cache that file in cache/ and use that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This program disables the Intel Boot Guard on Dell
OptiPlex 3050 Micro, via Intel ME modification.
Using this hack, you can run unsigned code on the ME.
Mate disabled BootGuard this way.
This will be used to add Dell OptiPlex 3050 Micro
support in Libreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the output isn't really super critical, because it pertains
to files that would just result in a coreboot build error
if they didn't extract, which would still allow me to know
if a given extract function failed.
however, the extract function shows a lot of error output
because it literally bruteforces various extract methods,
when dealing with vendor files.
mitigate this by just printing the errors to /dev/null. this
will prevent users from erroneously thinking that lbmk is
operating under error condition, when it isn't. we do sometimes
get questions about it on irc.
fewer questions on irc is better.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Commit 3ee4cc9dde (fix typo in dell
latitude coreboot coreboot config) fixed a typo from ${VARIANT_DIR) to
$(CONFIG_VARIANT_DIR). While this does work, since CONFIG_VARIANT_DIR is
a valid variable, it is not technically correct, as the default VBT path
set by coreboot's Kconfig files uses $(VARIANT_DIR), which is the same
as CONFIG_VARIANT_DIR, but with quotes stripped out.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
see relevant patch added in the diff
set the clock on x4x boards to 96MHz like on GM45
fixes the following build error on x4x boards:
hw-gfx-gma-plls.adb:465:46: error: "INTEL_GMA_DPLL_REF_FREQ" not declared in "Config"
make: *** [Makefile:423: build/ramstage/libgfxinit/common/g45/hw-gfx-gma-plls.o] Error 1
Signed-off-by: Leah Rowe <leah@libreboot.org>
some of my DDR2 checks were unnecessary, as nicholas pointed
out on irc, because they were in places that only ran if
DDR2 memory was used anyway.
in another, valid place, I was checking the wrong variable for
knowing what memory type is used.
this patch fixes build errors in lbmk:
src/northbridge/intel/gm45/raminit.c: In function 'dram_program_timings':
src/northbridge/intel/gm45/raminit.c:1120:29: error: 'sysinfo' undeclared (first use in this function); did you mean 'sysinfo_t'?
1120 | if (sysinfo->spd_type == DDR2)
| ^~~~~~~
| sysinfo_t
src/northbridge/intel/gm45/raminit.c:1120:29: note: each undeclared identifier is reported only once for each function it appears in
src/northbridge/intel/gm45/raminit.c: In function 'ddr2_odt_setup':
src/northbridge/intel/gm45/raminit.c:1291:21: error: 'sysinfo' undeclared (first use in this function); did you mean 'sysinfo_t'?
1291 | if (sysinfo->spd_type == DDR2) {
| ^~~~~~~
| sysinfo_t
make: *** [Makefile:423: build/romstage/northbridge/intel/gm45/raminit.o] Error 1
Signed-off-by: Leah Rowe <leah@libreboot.org>
these configs were otherwise correct, but i typo'd a variable
in them when manually rebasing the old configs, after switching
to nicholas's new ports implemented as variants, where the old
ones in lbmk were individual board ports for those same boards.
Signed-off-by: Leah Rowe <info@minifree.org>
same as the last change. we must avoid use of make variables,
in sh specifically, when handling these configuration files.
Signed-off-by: Leah Rowe <info@minifree.org>
instead, only grep for the entries required, such
as Intel ME paths.
some variables in coreboot configs use $(), which
is used in *make*, on the coreboot build system, and
there refers to variables.
here, we are sourcing them from sh, which treats this
as a mini subshell to run a command; for example
CONFIG_FOO would be executed, which is bad.
The current logic still theoretically has this problem,
with this patch, but the entries we scan from the configs
do not currently have variable names in the strings.
So: filter out just what we need, into a temporary config,
when scanning for vendor files in coreboot configs, and
use the temporary config.
This fixes a build error when compiling for e5520_6mb.
Signed-off-by: Leah Rowe <info@minifree.org>
The workaround-mx patch was rebased on one section in spi.c,
because that part in upstream added QPI support; in the newly
rebase mx patch, the workaround_mx behaviour is only
honoured if QPI (Quad SPI) is not in use.
Quad SPI is not used in practise, on the machines where this
workaround is intended (GM45 ThinkPads with Macronix chips).
This imports the following upstream changes:
* 639d563 README: Update flashprog.org URLs
* cbbd601 README: Update dependency list and Linux package names
* 79451f1 README: Rename "Packaging" -> "Source Packaging"
* 5b4695c README: Dial laptop warning down a little
* 7224085 udev rules: Add some more IDs
* 448457a ch347_spi: Add CH347F ID and loop over the entries
* e39549b ch347_spi: Search for compatible USB interface
* dfd0647 ich_descriptors: Refactor component density handling
* b2ad9fd ich_descriptors: Make use of SPI_ENGINE_PCH100 marker
* 140e22f chipset_enable: Make use of SPI_ENGINE_PCH100 marker
* 869f0e7 ichspi: Use `swseq_data' on ICH7 paths too
* eeee91b ichspi: Replace all switch/case on `ich_generation'
* ecba1d8 ichspi: Drop redundant bail-out cases in ich_set_bbar()
* e8babf4 ichspi: Use a single check to enable hwseq for PCH100+
* fda324b ichspi: Introduce SPI_ENGINE_PCH100 marker
* a1f6476 ichspi: Split ICH7 init out
* 3f75d44 ich_descriptors: Remove `Dual Output Fast Read' for newer gens
* 2862011 spi25: Try to set volatile quad-enable (QE) automatically
* 4ac536b spi25_statusreg: Allow to write (non-)volatile bits specifically
* b1d2bae dediprog: Fix and enable 4BA modes for SF600Plus-G2
* d0afeef dediprog: Disable 4BA modes for SF100 w/ protocol v2
* 1b1deda Implement QPI support
* a1b7f35 dediprog: Implement multi-i/o reads
* 008a44f dediprog: Split read/write command preparation by protocol
* 4760b6e spi25: Implement multi-i/o reads
* 0c9af0a spi25: Check quad-enable (QE) bit
* 930d421 spi25: Introduce generic spi_prepare_io()/spi_finish_io()
* 8d0f465 spi25: Extract 4BA preparations into new `spi25_prepare.c`
* 044c9dc Add FT4222H support
* fc7c13c linux_gpio2_spi: Implement multi i/o
* 5fc3154 bitbang_spi: Implement multi-i/o
* d16a911 bitbang_spi: Move API into its own header file
* 226bb87 flashchips: Add missing QE-bit definitions
* 4fa39c5 flashchips: Fill multi-i/o gaps in MX25U family
* 5f50999 flashchips: Fill multi-i/o gaps in MX25R family
* 46552c8 flashchips: Fill multi-i/o gaps in MX25L family
* 96786d0 flashchips: Fill quad-i/o gaps in XM25Q family
* a26a3c6 flashchips: Fill dual-i/o gaps in W25X family
* 2133f59 flashchips: Fill quad-i/o gaps in W25Q family
* 68573af flashchips: Split GD25Q127C and GD25Q128C
* 4da971f flashchips: Fill quad-i/o gaps in GD25*Q families
* f7e2d97 spi: Allow to define a quad-enable (QE) configuration bit
* 1412d9f spi: Rework FEATURE_QPI
* d518563 spi: Prepare for multi i/o and dummy bytes
* bd72a47 spi25_statusreg: support reading/writing configuration register
* 3d728e7 spi25_statusreg.c: support reading security register
* a358b14 flashchips: Split W25Q64.W -> W25Q64DW | W25Q64FW/W25Q64JW...Q
* 3127db1 manibuilder: Drop legacy flashrom tag collections
* 619d9c0 manibuilder: Use `test_build.sh'
* 6560bba manibuilder/almalinux: Install `diffutils' for new `test_build.sh'
* c7b549e test_build.sh: Compare output for -L of Make and Meson builds
* 72b30a0 test_build.sh: Don't try to run cross-compiled programs
* 3d2f212 test_build.sh: Allow to override Make and Meson commands
* 4eb9748 test_build.sh: Run tests for both Make and Meson builds
* 8279457 manibuilder: Add Alpine Linux 3.18 & 3.19 images
* 15e9b10 manibuilder/alpine: Install libjaylink-dev when available
* b8b3593 manibuilder: Add images for Fedora 38..40
* 7b05f09 manibuilder: Add images for Ubuntu 24.04 "Noble Numbat"
* 5e8b339 manibuilder/anita: Add NetBSD 10.0 i386 & amd64 images
* 61da8c7 manibuilder/anita: Export library path for libusb
* 39152af manibuilder: Set sourcearcade.org as default source
* 20073e7 Properly clear erase-block selection when bigger block is chosen
* 3824c8d ichspi: Allow all opcodes when the "opmenu" isn't locked
* 0d4354e flashchips: Add W25Q32JV-.M
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in a single change:
commit ec0bc256ae0ea08a32d3e854e329cfbc141f07ad
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon Jun 24 10:44:09 2024 +0200
limit address space used for pci devices, part two
This increases compatibility with i686 hosts, when allocating
memory for pci devices.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Of note: upstream has made several improvements to memory
management, and several fixes to file systems.
User-friendly change to LUKS: if the passphrase input failed,
the user is prompted again for the correct passphrase, instead
of GRUB just failing. Similar to cryptsetup luksOpen behaviour
under Linux.
This pulls in the following changes from upstream (gnu.org):
* b53ec06a1 util/grub-mkrescue: Check existence of option arguments
* ab9fe8030 loader/efi/fdt: Add fdtdump command to access device tree
* 0cfec355d osdep/devmapper/getroot: Unmark 2 strings for translation
* f171122f0 loader/emu/linux: Fix determination of program name
* 828717833 disk/cryptodisk: Fix translatable message
* 9a2134a70 tests: Add test for ZFS zstd
* f96df6fe9 fs/zfs/zfs: Add support for zstd compression
* 55d35d628 kern/efi/mm: Detect calls to grub_efi_drop_alloc() with wrong page counts
* 61f1d0a61 kern/efi/mm: Change grub_efi_allocate_pages_real() to call semantically correct free function
* dc0a3a27d kern/efi/mm: Change grub_efi_mm_add_regions() to keep track of map allocation size
* b990df0be tests/util/grub-fs-tester: Fix EROFS label tests in grub-fs-tester
* d41c64811 tests: Switch to requiring exfatprogs from exfat-utils
* c1ee4da6a tests/util/grub-shell-luks-tester: Fix detached header test getting wrong header path
* c22e052fe tests/util/grub-shell: Add flexibility in QEMU firmware handling
* d2fc9dfcd tests/util/grub-shell: Use pflash instead of -bios to load UEFI firmware
* 88a7e64c2 tests/util/grub-shell: Print gdbinfo if on EFI platform
* b8d29f114 configure: Add Debian/Ubuntu DejaVu font path
* 13b315c0a term/ns8250-spcr: Add one more 16550 debug type
* 8abec8e15 loader/i386/multiboot_mbi: Fix handling of errors in broken aout-kludge
* d35ff2251 net/drivers/ieee1275/ofnet: Remove 200 ms timeout in get_card_packet() to reduce input latency
* 86df79275 commands/efi/tpm: Re-enable measurements on confidential computing platforms
* 0b4d01794 util/grub-mkpasswd-pbkdf2: Simplify the main function implementation
* fa36f6376 kern/ieee1275/init: Add IEEE 1275 Radix support for KVM on Power
* c464f1ec3 fs/zfs/zfs: Mark vdev_zaps_v2 and head_errlog as supported
* 2ffc14ba9 types: Add missing casts in compile-time byteswaps
* c6ac49120 font: Add Fedora-specific font paths
* 5e8989e4e fs/bfs: Fix improper grub_free() on non-existing files
* c806e4dc8 io/gzio: Properly init a table
* 243682baa io/gzio: Abort early when get_byte() reads nothing
* bb65d81fe cli_lock: Add build option to block command line interface
* 56e58828c fs/erofs: Add tests for EROFS in grub-fs-tester
* 9d603061a fs/erofs: Add support for the EROFS
* 1ba39de62 safemath: Add ALIGN_UP_OVF() which checks for an overflow
* d291449ba docs: Fix spelling mistakes
* 6cc2e4481 util/grub.d/00_header.in: Quote background image pathname in output
* f456add5f disk/lvm: GRUB fails to detect LVM volumes due to an incorrect computation of mda_end
* 386b59ddb disk/cryptodisk: Allow user to retry failed passphrase
* 99b4c0c38 disk/mdraid1x_linux: Prevent infinite recursion
* b272ed230 efi: Fix stack protector issues
* 6744840b1 build: Track explicit module dependencies in Makefile.core.def
Signed-off-by: Leah Rowe <leah@libreboot.org>
it is identical to fam15h_rdimm, with _udimm now removed;
the latter had a patch that added certain behaviour only
intended for rdimm, but the patch in question breaks various
configurations.
raminit has always been unreliable on these boards. i'd rather
simplify it all, in lbmk. i'll probably update this to the dasharo
tree later on, specificalyl for kgpe-d16
Signed-off-by: Leah Rowe <leah@libreboot.org>
The libgfxinit patch and other patches e.g. DDR2 fix, are
now provided in coreboot/default. The Latitude E6400 is now
using the newer coreboot revision from late July 2024.
Some other configs had to change because of this, relating to
the new way that Nicholas handles timing on LVDS displays
with the E6400 port; a default 96MHz clock is still used for
pixel reference clock, overridden with a value of 100MHz on
other GM45 machines, where 96MHz was previously hardcoded.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Several patches are now merged upstream and no longer needed
in lbmk, such as the HP EliteBook 8560w patch, and related
patches. Some patches were changed, for example the Dell Latitude
ivb/snb laptops are now variants in coreboot, instead of being
individual ports; now they re-use the same base code.
This this, the corresponding files under config/submodules
have changed, for things like 3rdparty submodules e.g. libgfxinit,
and tarballs e.g. crossgcc.
This is long overdue, and will enable more boards to be added.
This newer revision will be used in the next release, and some
follow-up patches will merge these trees into default:
* coreboot/haswell
* coreboot/dell
Signed-off-by: Leah Rowe <leah@libreboot.org>
see bug report:
https://codeberg.org/libreboot/lbmk/issues/228
The layout specified incorrect boundaries for the pd region.
With this change, it should flash and boot reliably.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I re-read the modified code, and it has defines in place
for building on Windows; I was defining ACCESSPERMS
universally, but it should only be defined for non-Windows
systems, which the context in this code means Linux/BSD.
Signed-off-by: Leah Rowe <leah@libreboot.org>
musl libc is very conservative in what it implements,
preferring a very "pure" libc implementation. this means
that it lacks many of the niceties found in others like
the GNU C Library; the latter implements many BSD libc
extensions, for example.
ACCESSPERMS is a #define in BSD libc that does:
S_IRWXU | S_IRWXG | S_IRWXO
Essentially, it provides a bitwise OR providing chmod 0777,
which can be used as shorthand in calls to functions such
as mkdir() available in all libc implementations.
In the case of uefitool, this define is indeed used on mkdir.
Conditionally re-define ACCESSPERMS, if undefined, so that musl
libc can be used when building uefitool.
Signed-off-by: Leah Rowe <leah@libreboot.org>
single-tree projects cannot be handled in bulk, e.g.
./mk -f project1 project2 project3
that is still the case, from the shell, but internally
it is now possible:
mk -f project1 project2 project3
mk() is a function that simply handles the given flag,
and all projects specified.
it does not handle cases without argument, for example
you cannot do:
mk -f
arguments must be provided. it can be used internally,
to simplify cases where multiple single-tree projects
must be handled, but *also* allows multi-tree projects
to be specified, without being able to actually handle
trees within that multi-tree project; so for example,
you can only specify coreboot, and then it would run
on every coreboot tree.
Signed-off-by: Leah Rowe <leah@libreboot.org>
same as the last change. make the main function a wrapper
that dry-runs the real function.
if the "dry" variable is blank, it executes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is another alternative to the previous fix. this one
is therefore now a pre-emptive fix, in case other code is
written in the future that makes use of badhash.
the badhash variable in a y/n variable, so initialise to n.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when badhash=y, the utils should be deleted, but
the check is deleting if badhash isn't n. if the
hash check isn't being performed, then this will
always be the case and the utils are always deleted.
make it positively delete the file only if badhash=y,
not when it isn't n. while this may not sound very
different, it will prevent the utils being deleted and
re-build endlessly in other cases, like when building
release archives and running the inject --nuke mode
on every image that gets built.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we want multiple seagrub images made, with different
keymaps, but we only want one non-seagrub image.
however, we also want grub in the non-seagrub image.
it just means that seabios is primarily what the user
wants, and they might occasionally use grub, whereas
the seagrub images are for people who primarily want
grub but may occasionally access the seabios menu.
right now, the seabios images really only contain seabios,
but there's no harm in adding grub to them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't rely on build/coreboot.rom staying in place,
because sometimes it can get purged under certain
conditions, due to idiosyncrasies in the coreboot
build system, even when we don't explicitly clean it
Signed-off-by: Leah Rowe <leah@libreboot.org>
this time, only handle multiple keymaps on seagrub
images. for images where seabios is first but does
not immediately load grub, whether grub is still
available in flash, just do one image (US Qwerty)
this still results in fewer images per target than
Libreboot 20240612, but should prevent most users
from being annoyed. i got a few people asking
repeatedly, and i hadn't documented yet how to add
keymap.gkb or how to remove bootorder, to get a
different keymap or disable seagrub respectively.
i anticipate that i'll get such questions a lot, even
if i do document it, so i'm reversing that decision.
it doesn't result in much extra code. the new design
in lbmk makes this sort of thing much simpler.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i actually only made this change so that the revision changes,
so that the release directory changes when doing:
./update release
this is to test whether such location change affects the build
time when using ccache.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the me_extract function prefixes it with PWD in
some cases, but we can't predict where appdir
will point to.
the "app" directory is not intended to be a cache
anyway, so it doesn't make sense to put it in
the cache directory.
it's essentially scratch memory.
Signed-off-by: Leah Rowe <leah@libreboot.org>
XBMK_CACHE is now used, instead of hardcoding cache/
this is exported initialised to cache/, if unset.
this means you can set your own directory, and it means
./update release will use the same directory.
this means bandwidth wastage is further avoided.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the || : condition should be used, whereas i just
wrote : by mistake. this was done in a previous change.
fix it now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a previous change made it more redundant, falling back
on old behaviour (direct downloading, not cached), but
the way it's done means that the function never returns
an error condition in practise.
this patch fixes it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i overlooked this before. remove it. the directory
happened to be empty when i tested archives, but it's
still not a good thing that we have it. remove it!
Signed-off-by: Leah Rowe <leah@libreboot.org>
if coreboot itself is being handled, crossgcc has the
correct makeargs, setting the number of build threads.
however, other projects can specify "xtree" pointing to
a given coreboot tree, and build crossgcc for it.
one workaround may be to use trees -d coreboot TREE,
but then extra code would have to be written to make
it avoid other things like building cbfstool, which is
not required for just building crossgcc.
the cleanest way to do it is to simply hardcode it. the
value is set exactly the same as regular coreboot makeargs.
this fixes a bug, where some builds of crossgcc are made
on a single thread, rather than using XBMK_THREADS. this
patch forces it to always use CPUS=$XBMK_THREADS
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk must still define payloads, but specific configs
may use coreboot's build system instead.
you might use this to add your own config with, say,
tianocore payload, using coreboot.git to build it,
rather than using lbmk's choice of payloads.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we no longer need to remove cache/ per project, because
it's removed in bulk at the end, in the main build script,
when generating release archives.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lib.sh download() is used by subfile handling in git.sh,
e.g. crossgcc tarballs, and also the vendor scripts.
vendor files are cached, but not subfiles for repos.
cache both, under cache/file/, saved with the name equal
to the checksum, so: cache/file/CHECKSUM
also move vendorfiles/app/ to cache/app/ in this change.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if doing a retry, the directory may still exist, which
would make git clone yield an error response; the existing
directory will have been the one that failed to reset, so
let's delete it.
the one deleted is not the cache (repo/PROJECT/), thus
otherwise maintaining current behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
normally, a project is cached at repo/PROJECT/, and
cloned from there to the final destination.
errors lead to a calling of $err, but this will result
in a return if done from inside a subshell, of non-zero
value, so use this to re-try with a 6th argument when
calling tmpclone().
in most cases, this fallback will never kick in, but
it will kick in resetting or patching the cached clone
fails; specifically, we are interested in the reset part.
a given project name may change repositories in lbmk at
a given time. if this happens, and the old one is cached,
the overall result of this patch is that lbmk will fall
back to the old behaviour, where git urls are tried
directly, without caching.
Signed-off-by: Leah Rowe <leah@libreboot.org>
actual source code is not scanned, but config directories are
scanned. simply get the checksum of each file under config/
pertaining to a given project/tree, and also for the given
target. coreboot utilities are also handled.
if it changes, in any way, delete and re-build automatically.
such deletions should probably still be done manually, as part
of understanding the build system, but this change should make
the build system much easier to use during development.
Signed-off-by: Leah Rowe <leah@libreboot.org>
single-tree repos were not previously cached, but now
they are and they have to be handled.
this, as also alluded to in the previous commit, is done
when preparing release archives (XBMK_RELEASE=y)
Signed-off-by: Leah Rowe <leah@libreboot.org>
repo/p/ does not have its revision reset, so it
changes unpredictably, and it's not used in builds.
this used to be src/p/p/ - the context here is multi-tree
projects, in source archives.
Signed-off-by: Leah Rowe <leah@libreboot.org>
re-use repo/project/
this means that single- and multi-tree projects now
have a unified cached git repo location, as per the
new rules, thus saving on disk space usage.
Signed-off-by: Leah Rowe <leah@libreboot.org>
do it based on the URL, e.g. https://review.coreboot.org/coreboot
becomes repo/coreboot
the downside is if you have two projects with repo urls specifying
the same string at the end, but this isn't the case at the moment
and likely won't be the case, but it's a theoretical issue.
this saves on bandwidth when downloading identical submodule repos
between multiple trees within the same multi-tree project
for example, coreboot 3rdparty/vboot is no longer downloaded more
than once, instead cloned locally on subsequent downloads.
if repo/DIR exists, git-pull is attempted, but errors do not result
in a non-zero exit, by design.
Signed-off-by: Leah Rowe <leah@libreboot.org>
upstream has merged all of the changes that it contained,
so we don't need this anymore. we'll have the newer upstream
changes on the next general revision updates for coreboot,
within config/coreboot/
Signed-off-by: Leah Rowe <leah@libreboot.org>
configure_project is a bit big. move the dependencies
build logic to a new function.
it may be desirable in future to make the way that
function works the way all build commands are done.
for example:
./update trees -b coreboot x230_12mb
would become:
./update trees -b coreboot/x230_12mb
this would enable to mix and match multi/single tree
projects. for now, leave things as they are.
Signed-off-by: Leah Rowe <leah@libreboot.org>
U-Boot has migrated to using upstream device-tree files for gru boards,
but the clock driver doesn't yet support setting rates for a certain
clock that upstream uses for the eDP display. It happens to work without
it, so for now remove the clock setting until the driver is fixed.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Commit 46e01c0e1d ("u-boot: Avoid building U-Boot-only binman images")
added a patch that prevents an error while building U-Boot, due to some
U-Boot images needing a copy of BL31 that we are not passing in.
Removing build instructions for these images isn't really necessary,
when we can instead tell the build tool that it shouldn't exit with an
error. It checks a BINMAN_ALLOW_MISSING environment variable for this,
but just unconditionally replace the check with the argument.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Set default U-Boot revision to v2024.07 and rebase patches on top of
that. One patch that fixes drawing box characters (UTF-8 to CP437) had
an alternative merged, another hack we have to fix regulator issues is
no longer neccessary as the issue is fixed, and my QEMU patches were
merged upstream, so drop these patches. One patch we have to disable
binman images can be replaced by a simpler alternative so drop it too.
Upstream kconfig status is still unstable, so updating configs with
`make oldconfig` would miss important upstream changes, since they rely
on carrying defaults via upstream defconfigs. Update the configs as
such, like before:
- Turn old configs into defconfigs (./update trees -s u-boot)
- Save the diff from old upstream defconfig (diffconfig $theirs $ours)
- Update U-Boot revision, rebase patches, and clean old trees
- Prepare new U-Boot tree (./update trees -f u-boot)
- Review the diffconfigs to see if any options were renamed upstream
- Copy over the new upstream defconfigs and apply earlier diff
- Turn new defconfigs into configs (./update trees -l u-boot)
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
we used to set cmd only to these values:
build_project
build_targets
however, now we set them to:
build_project
build_targets $@
the latter cannot be measured reliably, but
we were checking whether cmd equalled:
build_targets
now we instead check that it does not equal:
build_project
Signed-off-by: Leah Rowe <leah@libreboot.org>
main() used to be the only function executed from
outside of main(), in this script, but now we source
a config file and then run the build afterward.
when a flag is provided without OPTARG, this means
that we are continuing such action erroneously. to
mitigate this, return 1 in that instance, and handle
it in the line that calls main(), making it exit with
zero status (success).
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead of using lots of if/else conditions, do that once
and set a variable, dry, to :
if not doing a dry run, the variable is empty. prefix this
variable in places where you don't want a certain action to
be performed, on dry runs.
more specifically, : does *nothing* and always returns with
zero status (success).
this results in cleaner code, and a small sloccount reduction.
Signed-off-by: Leah Rowe <leah@libreboot.org>
move the coreboot-specific includes into mkhelper.cfg
for that project.
on some projects, we need variables from mkhelper.cfg
to be global, so I was including serprog and coreboot
mkhelper.cfg files in this script.
instead, set a new variable "mkhelpercfg" pointing to
the config file. if it doesn't exist, create and then
point to a temporary (empty) mkhelper.cfg file.
the rom.sh include has been moved to coreboot mkhelper.cfg
The only remaining project-specific logic, in this trees
script, is now the coreboot crossgcc handling, but this
needs to be there as it's also used to build U-Boot.
The way this now works, certain includes are done twice.
For example, include/rom.sh will be included once globally,
outside of main(), and then again in configure_project().
This means that certain functions will be defined twice.
I'm uncertain if shell has anything equivalent to an ifdef
guard as in C, but we actually want this here anyway, and
it shouldn't cause any problems. It's a bit of a hack, but
otherwise results in much cleaner code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, due to the idiosyncratic nature of the coreboot
build system, the coreboot.rom gets wiped out.
cbutils is still handled by premake. ensure that payloads are
only inserted just after running the coreboot make command.
fixes a build issues introduced on 9020sff, previously unhandled.
Signed-off-by: Leah Rowe <leah@libreboot.org>
pro-tip: don't do this at 3AM
do massive changes like this, no later than 1AM.
the intent anyway is for -d to cause no build dependencies
to be handled, but the current logic says to only handle
them if -d is set! fix it by removing the ! part
Signed-off-by: Leah Rowe <leah@libreboot.org>
-d does the same as -b, except for actually building
anything! in effect, it does the same as -f (fetch)
except that the resulting variable assignments will
not be recursive (as with -f).
if -d is passed, configuration is still loaded, defconfig
files are still cycled through, and more importantly:
helper functions are still processed.
the grub, serprog and coreboot helper functions have
been modified to return early (zero status) if -d is
passed.
this behaviour will be used to integrate vendor.sh
logic in with the trees script, for cases where the
user wants to only handle vendor files. e.g.:
./update trees -b coreboot x230_12mb
this would download the files as usual, build coreboot,
with those files, and then build the payloads. but:
./update trees -d coreboot x230_12mb
this would download the files, NOT build coreboot, and
NOT build the payloads.
this change increases the sloccount a bit, but i'm relying
on the fact that the vendor.sh script already re-implements
config handling wastefully; the plan is to only use trees.
for now, simply stub the same ./vendor download command.
there is one additional benefit to doing it this way:
this method is *per-kconfig* rather than per-target.
this way, one kconfig might specify a given vendor file
that is not specified in the other. although the stub
still simply handles this per target, it's done in premake,
which means that the given .config file has been copied.
this means that when i properly re-integrate the logic
into script/trees, i'll be able to go for it per-kconfig.
the utils command has been removed, e.g.
./update trees -b coreboot utils default
the equivalent is now:
./update trees -d coreboot default
this would technically download vendor files, but here
we are specifying a target for which no kconfigs exist;
a check is also in place, to avoid running the vendor file
download logic if tree==target
the overall effect of this change is that the trees script
no longer contains any project-specific logic, except for
the crossgcc build logic.
it does include some config/data mkhelper files at the top,
for serprog and coreboot, so that those variables defined in
those files can be global, but another solution to mitigate
that will also be implemented in a future commit.
the purpose of this and other revisions (in the final push
to complete lbmk audit 6 / cbmk audit 2) is to generalise as
much logic as possible, removing various ugly hacks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
stub it from the trees script. the way it works now,
there is less code in the build system.
./build roms
this is no longer a thing
./build roms serprog
this is also no longer a thing. instead, do:
./update trees -b coreboot targetnamehere
./update trees -b pico-serprog
./update trees -b stm32-vserprog
the old commands still works, which causes the new
commands to run
coreboot roms now appear in elf/, not bin/, as before,
but those images now contain payloads.
NOTE: to contradict the above: ./build roms is no
longer a thing, in that it's now deprecated, but
backward compatibility is present for now. it will
be removed in a future release.
./build roms list also still works! it will do:
./update trees -b coreboot list
also:
./update trees -b grub list
this is now possible too
if a target "list" is provided, for multi-tree sources,
the targets are shown.
there is another difference: seagrub roms are now seagrub_,
instead of seabios_withgrub.
seabios-only roms are no longer provided, where grub is also
enabled; only seagrub is used. the user can easily remove
the bootorder file, if they want seabios to not try grub first.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we no longer need to call trees -b for payloads, because
build_depend is set in coreboot target.cfg files
Signed-off-by: Leah Rowe <leah@libreboot.org>
rename it to configure_project, because the function now
also handles building (a little bit), not just mere loading
of configuration files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We already have this to an extent, e.g. the xtree variable.
The xtree variable could probably be removed, in favour of
this, and used for the same purpose.
It works like this, for example:
build_depend="coreboot/default grub/xhci seabios u-boot/gru_bob flashprog"
the "/" denotes a tree, if it's a multi-tree project. However, specifying
the entire multi-tree project without slash is possible, for example:
build_depend="coreboot"
this would specify that all coreboot trees must be built.
This functionality will be used in follow-up commits, centralising
script/trees into mk on the main directory, repacing "build".
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't put it in the install modules.
this works around a hanging issue on haswell thinkpads.
when any usb device is inserted, GRUB will sometimes
hang if started from the SeaBIOS payload, *while* the
USB device is plugged in.
plugging in the USB device after GRUB starts worked.
it will have to be investigated more at a later date,
but this simply configuration change works.
the xhci module is already loaded explicitly, in grub.cfg
Signed-off-by: Leah Rowe <leah@libreboot.org>
stick the makeargs in mkhelper
i previously did cbmakeargs because the old revisions
had to define makeargs per-target otherwise. mkhelper
was done specifically to solve that problem.
Signed-off-by: Leah Rowe <leah@libreboot.org>
config/data/PROJECT/mkhelper.cfg can be provided, for
configuration, and it is loaded *before* target.cfg
there are certain instances where we repeat a lot of
config per tree, in multi-tree projects.
for example, we have the exact same config per grub
tree, besides tree name and revision number, for things
like autoconf arguments.
this last problem will be addressed, in a follow-up
patch, and then expanded upon for other projects.
Signed-off-by: Leah Rowe <leah@libreboot.org>
e.g. ./update trees -f
if passed, this command would download every tree
similarly, the -c option can be used in this way. this
solves a longstanding issue: on the current, much more
efficient design, it was not possible to systematically
clean every project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
some of the variables only initialised in git.sh are
also used in the trees script, which is technically ok
because git.sh is included from the trees script, but
it makes more sense to declare them in the latter.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the git_prep function already creates the given
directory where source code goes, so we don't
need to do it from the trees script.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when downloading multi-tree projects, the rev can be reset
to HEAD instead of the actual rev for a given target. this
occurs when the bare repo (e.g. src/coreboot/coreboot) does
not exist and has to be downloaded first.
bare repository downloading does not rely on target.cfg, in
this context, only pkg.cfg, but it uses the same variable
names (e.g. "rev").
instead of using a separate variable name, thus increasing
code complexity (which is the exact opposite of what i want
to do), do the bare repository download first.
this means that the git.sh script is much cleaner now, for
multi-tree projects, in that it *only* copies the bare repo
then runs git_prep; in that context, the bare repo is cloned
directly by calling the relevant function from script/trees,
which is the same behaviour as when cloning single-tree
project sources.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the same function that loads configurations for single-tree
projects has been merged with the function for multi-tree
configs in git.sh, and that functionality has been removed
from git.sh; now it is all unified in the trees script.
as the saying goes: write one program to do one thing well.
the purpose of git.sh is to download source code, but not
to handle configuration files; the latter is meant to be
handled by the trees script, which then calls into git.sh
before running the build logic for that given project.
additionally: the "seen" files are no longer handled, at all.
the logic there was added ages ago, because at the time, i was
considering whether to separate configuration into a new
repository, so that users could more easily make their own
configuration, so it was a guard against misconfiguration.
however, that decision was canceled and we're always very
careful not to introduce a loop; if a loop does occur, the
worst that can possibly happen is you waste some CPU cycles.
Instead, print (on standard output) what config file is being
used, so the operator can see when an infinite loop occurs.
ALSO:
remove _setcfgarg in load_project_config()
it was used to skip when a target.cfg file didn't exist,
specifically on single-tree projects, but this is now
handled using -f instead, on the while loop inside that
function, so _setcfgarg is now a redundant variable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these variables are initialised empty, then populated
by reading a configuration file.
it may be that in some cases, we want these variables
to be empty. besides that, the "setcfg" command before
it will throw an error if the module file is missing,
and it is assumed that the variables would be set there.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the next command is a copy, which would give us the error
if the file doesn't exist, and an appropriate message
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is over-engineering, because we do not allow just
about any path to be provided; it's not provided as an
argument in a command, for example.
this is dictated by a configuration file, which we control.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need to check whether the binary exists, because
make already does that for us.
we still need to check that the directory exists, because
older versions of coreboot did not include kbc1126, and we
do still use older coreboot revisions on some boards.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if injection is attempted, verification comes next,
and verification fails.
this happens for kcma/kgpe amd boards, where pike2008
fake roms are inserted by inserting the correct pci
ids using /dev/null as a source. an empty pike2008 rom
prevents seabios from loading the real pci rom, and this
is done because the real one hangs SeaBIOS.
a similar fix was made for ./vendor download, but
overlooked for ./vendor inject. this patch fixes that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
testing +x is all well and good, but the variable string
may be empty, even if set. some of the checks in the build
system are relying on the latter, so handle it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current check is flawed, because if u-boot doesn't
exist, but a given build would be the file verified by
the first check, the check would still fail even after
then building u-boot.
building it first will make this check pass, under such
a condition.
Signed-off-by: Leah Rowe <leah@libreboot.org>
again: the trees script already checks binaries,
and already checks sources. if they exist, the
relevant action is skipped entirely.
we don't need to check it in vendor.sh, because the
trees script already performs the same check.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need to download the entire coreboot tree here,
because the next command after it builds utils from that
tree, using the trees script which would then go and
download that tree anyway; this is part of the design.
if a given elf binary exists, it won't be re-built, but
the missing sources will still be downloaded automatically.
Signed-off-by: Leah Rowe <leah@libreboot.org>
mktemp will never return empty output, and the next
command after it is an mkdir, which would throw an
error anyway, if the string is empty.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also remove inject_vendorfiles() and merge it
into vendor_download()
the "release" variable is included in some target.cfg
files, which we put in config/coreboot/ and handle
here, so they could conflict with the release variable
used in vendor.sh, used for a different purpose. therefore,
rename it to "vrelease".
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead, make it a helper function, defined in target.cfg
this means that we can also do the same with other projects
in the future, and it is expected that we will have to.
these helper functions are used in cases where we want
additional actions to be performed.
actually, the helper could be anything. for example, you
could write:
mkhelper="./build foo bar"
and it would do that (at the point of execution, PWD
is the root directory of the build system)
Signed-off-by: Leah Rowe <leah@libreboot.org>
the script used to support building multiple single-tree
projects, but this behaviour was buggy and unused, so it
was removed.
rename the build_projects variable accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it was always by design that an error should occur, if a
target.cfg file does not exist on multi-tree projects,
but we previously did not support target.cfg files on
single-tree projects.
single-tree target.cfg support was later added, and it was
done by making target.cfg optional there, but i accidentally
made it optional on multi-tree projects.
in practise, all multi-tree projects included target.cfg,
but this was not being enforced in code.
this patch should fix the issue.
Signed-off-by: Leah Rowe <leah@libreboot.org>
set it to "auto", because otherwise it'll be unset,
which means that kconfig type is assumed.
the build system is designed in such a way that multi-tree
is assumed, if the target build system uses kconfig files.
target.cfg is optional on single-tree but not multi-tree,
so it's ok to set something here.
basically, kconfig-type projects will never be single-tree.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't hardcode the check based on whether the current
project is grub. instead, define "btype" in target.cfg
if unset, we assume kconfig and permit kconfig commands
e.g. make menuconfig, make silentoldconfig, etc
this is to avoid the deadliest of sins:
project-specific hacks
Signed-off-by: Leah Rowe <leah@libreboot.org>
the trees script itself will check that the directory
exists, and exit with zero status if it does, without
doing anything else other than the return.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't want the user to flash coreboot from elf/, because
those images do not contain payloads. the user must flash from
bin/
ample warning is given, at build time, but the warning is written
in english. therefore, some people may not understand it, because
they may not even speak english.
hide the coreboot elf/ directory, to mitigate this possibility.
in most cases, this will probably prevent the average user from
flashing those images, since they likely won't see it.
the "DO NOT FLASH" warning is still included in that directory
name, while creating it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we override TMPDIR, setting it to /tmp/xbmk*C
if it's just set to tmp, that means we didn't set it properly,
which is a bug.
this patch protects against deletion of /tmp under such a
fault condition, if it were ever to occur in the future.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current logic for handling multiple single-tree projects
is quite error-prone, and uses recursion.
since we don't actually use it this way, remove that feature.
the most correct way to do it is with a for loop.
Signed-off-by: Leah Rowe <leah@libreboot.org>
doing nothing means that if a flag is passed, and then
another flag overriding it, the resulting action will
not be correct; only one flag should be provided anyway,
but some users may feel a bit more adventurous.
mitigate it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, release=n is ignored and an image is built in
the elf/ directory, even if it's still skipped for bin/
avoid doing unnecessary work per-release by checking the
variables before building coreboot via script/trees
Signed-off-by: Leah Rowe <leah@libreboot.org>
error out if it's not set. ditto projectsite.
that way, if the files are accidentally deleted, or not
added in a derivative of the build system, you'll know.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need this message here, because the final confirmation
at the end of main() says which targets were built. saying what
individual rom images were built is just needless bloat,
especially with the new simplified lbmk design; we no longer
provide lots of rom images with different keymaps, because we
now expect the user to insert a gkb file themselves with cbfstool.
Signed-off-by: Leah Rowe <leah@libreboot.org>
because we use crossgcc here, blindly running trees -f
means needlessly re-running buildgcc, which then checks
for gcc binaries, even though we already know that the
u-boot binary exists. skip this check if u-boot exists.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we're building it per coreboot configuration file, rather
than per-target; the latter is more appropriate, and saves
on compilation time.
do it per-target.cfg, not per coreboot configuration.
this works because the trees script compiles all images
per target, for each given coreboot configuration within
that target, e.g. libgfxinit _corebootfb and _txtmode.
Signed-off-by: Leah Rowe <leah@libreboot.org>
sometimes buildgcc just fails for like no reason. we had this
the other day and another fix was made to the trees script, to
mitigate; the user ran it again and buildgcc worked just fine.
run it twice, and then call err only if the second one fails.
Signed-off-by: Leah Rowe <leah@libreboot.org>
just run the make crossgcc command anyway.
coreboot's own build system checks itself, and much
more reliably, but the check is more thorough and a bit
slower.
in rare cases, lbmk may come into build issues with xgcc,
and if you run the build again, it will always fail every
time because the checks is based on whether the xgcc
directory exists, rather than checking each
individual crossgcc binary.
checking every binary is also possible, but as i said,
the coreboot build system already does that, so let's defer
to coreboot's own handling of it.
remove the directory check. this will slow down the build
process a little bit, but should improve reliability under
fault conditions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the e() and setvars() functions need to be declared before
the dependencies function.
also: after calling install_packages, it was doing a return
when it should have done an exit.
this is all fixed now. i apologise to anyone who previously
ran into trouble with this!
Signed-off-by: Leah Rowe <leah@libreboot.org>
Never, ever build images where GRUB is the primary payload.
These options have been removed from target.cfg handling:
* seabios_withgrub
* grub_withseabios
The "payload_grub" variable now does the same thing as
the old "seabios_withgrub" variable, if set.
The "grubonly" configuration is retained, and enabled by
default when SeaGRUB is enabled (non-grubonly also available).
Due to lbmk issue #216, it is no longer Libreboot policy to
make GRUB the primary payload on any board. GRUB's sheer size
and complexity, plus the large number of memory corruption issues
similar to it that *have* been fixed over the years, tells me
that GRUB is a liability when it is the primary payload.
SeaBIOS is a much safer payload to run as primary, on x86, due
to its smaller size and much more conservative development; it
is simply far less likely to break.
If GRUB breaks in the future, the user's machine is not
bricked. This is because SeaBIOS is the default payload.
Since I no longer wish to ever provide GRUB as a primary
payload, supporting it in lbmk adds needless bloat that
will later probably break anyway due to lack of testing,
so let's just assume SeaGRUB in all cases where the user
wants to use a GRUB payload.
You can mitigate potential security issues with SeaBIOS
by disabling option ROM execution, which can be done at
runtime by inserting integers into CBFS. The SeaBIOS
documentation says how to do this.
Libreboot's GRUB hardening guide still says how to add
a bootorder file in CBFS, making SeaBIOS only load GRUB
from CBFS, and nothing else. This, combined with the
disablement of option ROM execution (if using Intel
graphics), pretty much provides the same security benefits
as GRUB-as-primary, for example when setting a GRUB password
and GPG checks, with encrypted /boot as in the hardening guide.
Signed-off-by: Leah Rowe <leah@libreboot.org>
due to lbmk issue #216, it is now unwise to use grub as the
primary payload on any machine; the sheer complexity of grub
and the number of memory corruption bugs that have been fixed
due to auditing over the years, means more such bugs exist.
we now provide seabios as the primary payload on all x86 ports,
but provide a "grubfirst" configuration where a bootorder file
in seabios can be added via cbfs, which tells seabios to load
grub from cbfs first, while still allowing use of the boot select
menu by pressing esc in seabios.
well, the "grubonly" option also disables the seabios esc menu,
so that *only* grub runs. there is no point in using this unless
you want to harden your setup, for example if you want to set up
encrypted /boot and boot that from grub, and have a grub password
disallowing unauthorised bootup of your machine.
see grub hardening guide;
https://libreboot.org/docs/linux/grub_hardening.html
at least as of today, 22 June 2024, that page already says
how to manually disable the seabios menu in the same way, if that
is the setup you want. alternatively, a user may be wily
enough to edit target.cfg for their board and compile a rom
that only has the grub payload in it, if that is what the user
wishes to do.
regardless, the default configurations provided by lbmk must never
be unsafe, norc should the build system support such unsafe
settings;
yes, grub as primary payload is technically still supported in
lbmk. actually, at the time of this revision, i have half a mind
to remove that functionality altogether, so that only seabios is
allowed as primary payload, when compiling a rom image that also
has grub, chainloading grub from the seabios menu instead.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's bloat. telling the user to rtfm is something that
we already do on irc; they will still ask how to do
everything, and ignore the message from badcmd(), or
they will automatically know to rtfm.
i'm on a massive purge, removing bloat from lbmk as
part of Libreboot Build System Audit 6.
all bloat must go.
Signed-off-by: Leah Rowe <leah@libreboot.org>
replace it with logic that simply uses "." to load
files directly. for this, "vcfg" is added as a variable
in coreboot target.cfg files, referring to a directory
in config/vendor/ containing a file named pkg.cfg, and
this file then contains the same variables as the
erstwhile config/vendor/sources
config/git files are now directories, also containing
pkg.cfg files each with the same variables as before,
such as repository link and commit hash
this change results in a noticeable reduction in code
complexity within the build system.
unified reading of config files: new function setcfg()
added to lib.sh
setcfg checks if a config exists. if a 2nd argument is
passed, it is used as a return value for eval, otherwise
a string calling err is passed. setcfg output is passed
through eval, to set strings based on config; eval must
be used, so that the variables are set within the same
scope, otherwise they'd be set within setcfg which could
lead to some whacky results.
there's still a bit more more to do, but this single change
results in a substantial reduction in code complexity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
do not use shorthand here. the test was failing to
produce the desired result under some circumstances,
for example when i did "./update release" i got this:
make: Entering directory '/home/lbdev/lbmk/release/20240612-62-ga6b1a6bd/libreboot-20240612-62-ga6b1a6bd_src/src/stm32-vserprog'
make: *** No rule to make target 'fetch'. Stop.
make: Leaving directory '/home/lbdev/lbmk/release/20240612-62-ga6b1a6bd/libreboot-20240612-62-ga6b1a6bd_src/src/stm32-vserprog'
ERROR script/trees: !mk src/stm32-vserprog fetch
ERROR ./update: excmd: script/trees -f
ERROR script/roms: Unhandled non-zero exit: ./update
ERROR ./build: excmd: script/roms serprog
ERROR ./update: build_release release/20240612-62-ga6b1a6bd: stm32
ERROR ./update: can't build rom images
in the above circumstance, run_make_command was executed,
which is not the desired behaviour; rather, fetch_project_trees
or fetch_project_repo should be called, and then the script
should immediately exit. it should also exit, without downloading
anything, if a changelog file exists as in release archives.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit 3610667e3d.
The output of some functions in the roms script are used as
an argument in cp and mv commands, also cbfstool. I overlooked
this fact in a previous code optimisation.
Revert it. The change only reduced sloccount by a few lines
anyway.
i tried to be clever with this one, but it just made
the script exit with an error.
revert back to the old check (check whether one of
either repo or repo backup is set)
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is bloat, because it's something the user can already
do at runtime configuration anyway.
set it to a reasonable default of 8 seconds instead of 5,
and don't honour the timeout variable in target.cfg.
this will be documented in the next release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i disabled a check in the script, while testing a prior
modification. re-introoduce the check, which is put there
to yield an error condition if no targets were compiled.
Signed-off-by: Leah Rowe <leah@libreboot.org>
payloads are compiled before coreboot, but it doesn't matter
to the build speed whether this is done first.
reduce the lines of code by checking payload builds *while*
adding them to the coreboot images. this means that coreboot
is now compiled first, before the payloads.
Signed-off-by: Leah Rowe <leah@libreboot.org>
nowadays, we don't insert GRUB keymaps automatically, for
sake of efficiency; without one, the default is US QWERTY.
a user will only want one keymap in particular, so this
is more efficient. in practise, they're either building
from source anyway, or using the inject scripts which
compile cbfstool anyway, so the user will already have
cbfstool.
also output this message from the inject script.
Signed-off-by: Leah Rowe <leah@libreboot.org>
there are two for loops that use x as a variable anme,
and an idiosyncrasy of certain sh implementations is
that these become global;
the result in this case was that when you finish building
every target in "./build roms", it would print "libgfxinit"
repeatedly, comma separated, instead of a comma-separated
list of the targets that were built.
work around it by renaming the variable in one of the loops.
Signed-off-by: Leah Rowe <leah@libreboot.org>
cbcfg is already a global variable, so there's no reason
to set it again at the start of this function.
remove the check for whether the given coreboot config
exists, to the calling function instead of build_roms().
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need to call mktemp everytime.
just use a staticly named file in tmpdir
and keep overwriting it.
these files are only small, and they get deleted
when the build system exits later on.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need to check whether this variable is set,
because checking an empty path will also cause the
same return in the next line.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the background is only a few kb. the whole rationale
before was to limit the space used in memdisk, but this
decision was made when the background was much bigger;
it has since been optimised greatly, and the grub modules
were heavily reduce, so it should be safe.
grub's memdisk breaks when you add too much data to it.
as part of simplifying the rest of lbmk, this change removes
some more bloat from the rest of lbmk. handling this in the
memdisk is much simpler than handling it with cbfstool.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if not inserted, the default keymap is usqwerty.
don't waste ssd write cycles copying so many images,
or cpu time compressing so many. the user can simply
add a keymap.gkb file to cbfs and it will work fine.
this will be documented in the next release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
rely on return status per each of the three main rom
functions, to then update the "targets" variable.
use this as the basis to determine which targets were
built, during final confirmation when the script exits.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current validation check is extremely over-engineered,
because the user override is no longer available and we're
always very careful in how we modify target.cfg per board.
remove the redundant code. trust that target.cfg is correct.
Signed-off-by: Leah Rowe <leah@libreboot.org>
p = payload
s = grub_scan_disk
d = displaymode
setting the payload is no longer safe, due to issue 216
and similar issues that might pop up in the future; it's
best left only to target.cfg, per board, so that we know
what config is safe/tested. don't let the user override it.
scandisk isn't safe to override because the given machine
may not have the type of device that the user specifies
displaymode is actually ok to set, because it simply whitelists
what configs pre-existing to actually use, but it's bloat
basically, the rule is this:
don't make it easy for the user to brick their hardware.
make it harder instead.
a user wily enough to go modifying their payload will probably
have read docs/maintain/ anyway and knows how to edit target.cfg
if they want another board configuration.
Signed-off-by: Leah Rowe <leah@libreboot.org>
[supported motherboards](https://libreboot.org/docs/install/#which-systems-are-supported-by-libreboot). It replaces proprietary vendor BIOS/UEFI implementations, by
* Using coreboot to initialize the hardware (e.g. memory controller, CPU, etc.) while
minimizing unwanted functionality (e.g. backdoors such as the Intel Management Engine)
* ... which runs a payload such as SeaBIOS, GRUB, or U-Boot
* ... which loads your operating system's boot loader (BSD and Linux-based
[systems](systems) are supported).
Why use Libreboot?
==================
Why use Libreboot, and what is coreboot?
----------------------------------------
Why should you use *libreboot*?
----------------------------
A lot of users who use libre operating systems still use proprietary boot
firmware, which often contain backdoors and bugs, hampering
[user freedom](https://writefreesoftware.org) and
[right to repair](https://www.eff.org/issues/right-to-repair).
Libreboot gives you freedoms that you otherwise can't get with most other
boot firmware. It's extremely powerful and configurable for many use cases.
[coreboot](https://coreboot.org) provides libre boot firmware by initializing
the hardware then running a payload. However, coreboot is notoriously difficult
to configure and install for most non-technical users, requiring detailed
technical knowledge of hardware.
You have rights. The right to privacy, freedom of thought, freedom of speech
and the right to read. In this context, Libreboot gives you these rights.
Your freedom matters.
[Right to repair](https://vid.puffyan.us/watch?v=Npd_xDuNi9k) matters.
Many people use proprietary (non-libre)
boot firmware, even if they use [a libre OS](https://www.openbsd.org/).
Proprietary firmware often contains backdoors (more info on the FAQ), and it
and can be buggy. The libreboot project was founded in December 2013,
with the express purpose of making coreboot firmware accessible for
non-technical users.
Libreboot solves this by being **a coreboot distribution** (in the same way
that Alpine Linux is a Linux distribution). It provides a fully automated build
system that downloads and compiles pre-configured ROM images for supported
motherboards, so end-users could easily fetch images to flash onto their
devices.
The `libreboot` project uses [coreboot](https://www.coreboot.org/) for [hardware
sb/intel/bd82x6x: Apply EHCI mapping to xhci_overcurrent_mapping
Removing this from the devicetree also allows the
board to compile, otherwise an error is thrown:
build/mainboard/hp/compaq_elite_8300_cmt/static.c:147:10: error: 'const struct southbridge_intel_bd82x6x_config' has no member named 'xhci_overcurrent_mapping'
147 | .xhci_overcurrent_mapping = 0x00000c03,
| ^~~~~~~~~~~~~~~~~~~~~~~~
build/mainboard/hp/compaq_elite_8300_cmt/static.c:147:37: error: excess elements in struct initializer [-Werror]