ii used to rely on errno for exit status, but this was flawed.
when removing it, i neglected to adjust the actual error exits,
setting errno accordingly. this patch should fix it. this is
important for scripts that use nvmutil, which may rely on its
error status upon exit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit fedeb6ecd8.
this, along with several other updates, have been reverted.
dell 3050 micro had boot issues, on the update. i therefore
revert the recent revision update, pending further investigation.
thanks to sirlami on irc for pointing this out.
due to lbmk blob policy, we must not distribute
fsp except as the full, concatenated binary, thus
complying with intel's license. it is removed from
builds before release, re-inserted via vendor
inject scripts in the usual way.
a while ago, coreboot updated fsp but i had to keep
it on the earlier version for this board, lest old
releases no longer match vendor insertion; the new
fsp version also wasnet well tested, and didn't seem
to contain any changes reported that pertained to
our use of it.
the fsp headers do not match the fsp binary in use,
causing boot issues for users on topton x2e n150.
this patch should fix the issue, as reported by
sirlami who is the one who found and first tested
this fix; i'm simply changing the configuration,
as per sirlami's guidance.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this version is more tested. i'll merge _decode back
once it's better tested. it contains a lot of invasive
changes, whereas recv is much closer to the original GNU
code that i inherited, that i also know works quite well.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i should probably test musl as well, on linux
libreboot-utils is stable on the glibc systems i tested
with linux. it is quite buggy on bsd systems.
it's irresponsible to let users compile this until i've
properly tested the code. putting this error in for now.
i made lbmk use the old nvmutil version for now, and retro
fitted several improvements to i/o there from lbutils,
changes that i know are stable on bsd.
Signed-off-by: Leah Rowe <leah@libreboot.org>
adapted from the changes made in lbutils
i'm just patching this crappy code. lbutils doesn't
work properly on openbsd yet, and i just want nvmutil
to work properly there, so i'm using the old code for
now, on openbsd.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't fix it for now. this version was buggy.
i'm only using nvmutil for now, until i properly
fix all the memory issues in lbutils on openbsd.
Signed-off-by: Leah Rowe <leah@libreboot.org>
same fix i did for lbutils
the nvmutil version is the same one used before
lbutils was introduced. just before.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i'm trying to make nvmutil work on openbsd. the new code
in lbutils is a bit buggy, likely somewhere in mkhtemp.
i'm still debugging it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
check if above or equal to zero, except where
counterindicated. this is the usual way on unix,
where a command returns -1 on error, or above/equal
to zero on success.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the linux fast path, we are universally overriding
errno with EEXIST, which pollutes errno in case of
debugging under fault condition. this is inconsistent
with posix and also leah.
Signed-off-by: Leah Rowe <leah@libreboot.org>
See the commit message in the patch:
Before this patch, hotplugging only worked to replace drives (if you
tried to plug a drive into a SATA port that no drive was plugged in to
at boot, it wouldn't be detected) and you'd have to manually rescan
the bus (echo "- - -" > /sys/class/scsi_host/host*/scan) to make
plugs/unplugs get detected by the operating system.
Now, hotplugging works for all ports (tested and working on Supermicro
X11SSH-LN4F) and there's no need to manually rescan (it sometimes
takes a few seconds for unplugs to be detected, but plugs are detected
instantly).
Also submitted upstream as https://review.coreboot.org/c/coreboot/+/91824
not indicated. the way we use it is basically like
stat, to check that a file exists / is a file.
just err the fuck out
nuance: SETLK is non-blocking (no wait).
we should loop on SETLKW, but we don't use that.
in this codebase, we use SETLK for locking a
tmpfile, but because of race conditions and
wanting to make another file quickly, we just
try again with a newly generated name, with a
certain number of retries, so we justt use SETLK
Signed-off-by: Leah Rowe <leah@libreboot.org>
call it rw_exact, so that it's closer to
the name rw. it matches naming more closely;
the alternative was to call rw rw_file
but read/write can handle more than just files!
Signed-off-by: Leah Rowe <leah@libreboot.org>
even with a timer, it's possible that on a buggy system,
we may keep writing even though the outcome is zero. if
a system comes back with zero bytes written, that is a
fatal bug and we should stop.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the actual warn flags are still there.
leaving Werror in production is ill advised.
i can (and will) still fix build errors as
i see them.
as a result of this, i now also see more info
when i type:
make strict
(this uses clang with -Weverything)
Signed-off-by: Leah Rowe <leah@libreboot.org>
rw is enough. i unified everything there.
next commit will remove rw_type and instead
run positional i/o depending on whether the
offset is zero. i'm simplifying the API a lot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
add options for building with urandom+openat and
arc4+openat. useful for emulating a bsd / old linux
environment in modern linux distros, for portability
testing.
these options are not recommended for everyday use.
just use make without any special options, and the
code has build-time OS detection for features like
randomisation/openat2.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these can be set explicitly in the compiler flags,
e.g.
make CC="cc -DUSE_OPENAT=1 -DUSE_URANDOM=1"
these options, if set to 1, will cause you to use
the code as if it were running on non-linux systems
such as openbsd. of course, some differences will
still exist, but this is useful for portability
testing when compiling on linux.
Signed-off-by: Leah Rowe <leah@libreboot.org>
and remove manual prototypes; fchmod, realpath
and so on rely on the _XOPEN_SOURCE macro.
the POSIX macro wasn't needed: _XOPEN_SOURCE
is sufficient.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, i will end up with a mess like the
one i recently fixed.
we always want to use correct C. the current
spec is set to c99, with -pedantic turned on.
flags now:
-Os -Wall -Wextra -std=c99 -pedantic -Werror
if you do: make hell, you get (uses clang):
-Os -Wall -Wextra -std=c99 -pedantic -Werror -Weverything
i initially loosened up the Makefile rules, so
that the code would be more "portable", but
every compiler worth caring about has these
flags, and turning them on is advisable,
especially pedantic and -std, because you want
to have some guarantee that the compiler is
generating correct code; if the standard is
left ambiguous, you could be introducing subtle
bugs when people compile it, because who knows
what spec the compiler is using?
Signed-off-by: Leah Rowe <leah@libreboot.org>
i wasn't using strict mode enough in make:
make strict
now it compiles cleanly. mostly removing
unused variables, fixing implicit conversions,
etc.
Signed-off-by: Leah Rowe <leah@libreboot.org>
In file included from /home/user/lbmk/src/coreboot/fam15h/util/cbfstool/partitioned_file.h:19,
from /home/user/lbmk/src/coreboot/fam15h/util/cbfstool/partitioned_file.c:16:
/home/user/lbmk/src/coreboot/fam15h/util/cbfstool/common.h:34:16: error: expected ‘)’ before ‘__attribute__’
34 | #define unused __attribute__((unused))
| ^~~~~~~~~~~~~
In file included from /home/user/lbmk/src/coreboot/fam15h/util/cbfstool/common.h:25:
/home/user/lbmk/src/coreboot/fam15h/src/commonlib/include/commonlib/helpers.h:137:40: error: expected identifier or ‘(’ before ‘)’ token
137 | #define __unused __attribute__((unused))
^ this removes that error
Signed-off-by: Leah Rowe <leah@libreboot.org>
but i can't write a generic function for this,
because fcntl is a variadic function, so wrapping
cannot be done cleanly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, we invoke the state machine in weird
conditions, where some pointers may not be initialised.
we could handle this properly, but why?
therefore, the errhook is called after the argc
check.
this patch fixes a Speicherzugriffsfehler that
i got while running nvmutil with below 3 arguments
Signed-off-by: Leah Rowe <leah@libreboot.org>
where possible, try not to clobber sys errno. override
it only when relatively safe.
also: when a syscall succeeds, it may set errno. this
is rare, but permitted (nothing specified against it
in specs, and the specs say that errno is undefined
on success).
i'm not libc, but i'm wrapping around it, so i need
to be careful in how i handle the errno value.
also:
i removed the requirement for directories to be
executable, in mkhtemp.c, because this isn't required
and will only break certain setups.
in world_writeable and sticky, i made the checks stricter:
the faccessat check was being skipped on some paths, so
i've closed that loophole now.
i also generally cleaned up some code, as part of the errno
handling refactoring, where it made sense to do so, plus a
few other bits of code cleanup.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the portable version was written for fun, but
it's bloat, and makes the code hard to read.
every unix since about 2005 has these functions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a non-blocking file descriptor could be used while
errno is set to these. this would create an infinite
loop. it's better that we only allow EINTR.
Signed-off-by: Leah Rowe <leah@libreboot.org>
some io syscalls may set errno on success. this patch
honours that. we try to preserve caller errno, but it
is important for debugging not to clobber it.
if fs_err_retry errs, then we don't reset errno.
if fs_err is successful but errno wasn't set, we
restore caller errno. this is done by setting errno
to zero in callers, which also restore caller errno.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i previously used error status and set return values
indirectly. i still do that, but where possible, i
also now return the real value.
this is because these string functions can no longer
return with error status; on error, they all abort.
this forces the program maintainer to keep their code
reliable, and removes the need to check the error status
after using syscalls, because these libc wrappers mitigate
that and make use of libc for you, including errors.
this is part of a general effort to promote safe use
of the C programming language, especially in libreboot!
Signed-off-by: Leah Rowe <leah@libreboot.org>
on the conditions where these functions encounter
an unexpected error, we currently return -1
this means that the caller must check. which means
the caller won't check. nobody does. i often forget.
force the caller (me) to be correct, instead.
the current calling convention is that the real
return value is stored in a pointer, provided inside
the function signature, on a given string function,
and the function's return value is merely an indicator.
this calling convention is retained for now; the next
patch will change it, such that the real value is also
the function's return value. this is more flexible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
operate per word, not per byte
this is also done on sdup, which uses a slightly
inefficient method: the new string allocation is
that of the maximum size, rather than what we
need. for example, if you wanted a 20 character
string (21 including null), you would still allocate
4096 bytes if that was the maximum length.
it's a bit naughty, and i have half a mind to
keep sdup on the old implementation, but i'll leave
it be for now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i added a fake -t option, which doesn't actually
read optarg, so that -t usage can just override
the normal template. mkhtemp isn't ready for
distros yet, but it's ready for lbmk.
i hacked the makefile to also copy the binary to
mktemp, and i set PATH in lbmk so that this binary
is used insttead of the one on your system.
that way, upstream projects use it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
delete tmpfiles after operation. fixes a bug where
tmpfiles are left behind after running the dump
command.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i forgot to do this!
with this, I/O should be bullet proof now.
i already loop this on other I/O commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
spoiler alert: it's slow as molasses
part 2 will be presented at a later date
(yes, please don't fill 8GB of memory with
random data and hexdump it)
Signed-off-by: Leah Rowe <leah@libreboot.org>
the functions no longer return errors, so i don't
need to handle them.
furthermore, the handling in state.c is redundant,
so i've removed that too.
Signed-off-by: Leah Rowe <leah@libreboot.org>
make it more reliable; it can't segfault
now, under any circumstance. not even
once.
the problem arised when lbsetname was not
called in a program, before calling the
function: lbgetprogname. a segfault would
occur, due to it being NULL.
not every os/libc has getprogname, so i have
my own implementation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
not c90
i use stdint now on a few files. i had this
idea in my head to use C89 for some reason,
but this is pointless.
c99 however is worthy as a minimum, because
for example, compilers like tcc will adhere
to its spec (for the most part), so this is
the minimum reasonable requirement on modern
unix systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is a more generic one that i implemented
for "lottery.c" (which is really just a tester
of my rset function in lib/rand.c)
i could probably actually write a full hexdump
program in libreboot-utils to be honest.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i currently return pointers to these, without copying.
they can fade because of this. make them static, since that
is what they should be anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>
free can take a null, that's fine, but my pointer
to the pointer being freed should not be null. that
is a bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
remove close_warn and close_no_err
make close_on_eintr a void, and abort
on error instead of returning -1.
a failed file closure is a world-ending
event. burn accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i now use a singleton hook function per program:
nvmutil, mkhtemp and lottery
call this at the startup of your program:
(void) errhook(exit_cleanup);
then provide that function. make it static,
so that each program has its own version.
if you're writing a program that handles lots
of files for example, and you want to do certain
cleanup on exit (including error exit), this can
be quite useful.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i no longer care about openbsd 5.9. we assume unveil
is available, as has been the case for the past 12
years.
i use wrappers for unveil and pledge, which means that
i call them on every os. on OSes that don't have these,
i just return. it's somewhat inelegant, but also means
that i see errors more easily, e.g. misnamed variables
inside previous ifdef OpenBSD blocks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
yes, a common thing in C programs is one or all
of the following:
* use after frees
* double free (on non-NULL pointer)
* over-writing currently used pointer (mem leak)
i try to reduce the chance of this in my software,
by running free() through a filter function,
free_if_not_null, that returns if a function
is being freed twice - because it sets NULL
after freeing, but will only free if it's not
null already.
this patch adds two functions: smalloc and vmalloc,
for strings and voids. using these makes the program
abort if:
* non-null pointer given for initialisation
* pointer to pointer is null (of course)
* size of zero given, for malloc (zero bytes)
i myself was caught out by this change, prompting
me to make the following fix in fs_dirname_basename()
inside lib/file.c:
- char *buf;
+ char *buf = NULL;
Yes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
clamp rand to eliminate modulo sampling; high
values on the randomisation will bias the result.
not really critical for mac addresses, but there's
no reason not to have this. this patches reduces
the chance that two libreboot users will generate
the same mac addresses!
Signed-off-by: Leah Rowe <leah@libreboot.org>
(for real pwrite/pread. don't use the compatibility
one - it works perfectly, but using it is pointless
and may have unknown bugs, even though i know it's
probably perfect)
Signed-off-by: Leah Rowe <leah@libreboot.org>
concatenate an arbitrary number of strings,
pointed to by char **
i'll use this and the next function, dcatn,
in an upcoming feature planned for mkhtemp.
Signed-off-by: Leah Rowe <leah@libreboot.org>
make it more efficient. much lower rejection
rate now, about 2-5%. deal with bias, but also
get numbers in bulk. not too many.
i'd say this is about right in terms of performance
balance. 64 bytes == 8 large integers.
Signed-off-by: Leah Rowe <leah@libreboot.org>
build-time option. do not allow fallback; on
a system where getrandom is used, it should
be used exclusively.
on some systems, getrandom may not be available,
even if they have a newer kernel.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This will also be used in lbmk itself at some point,
which currently just uses regular mktemp, for tmpdir
handling during the build process.
Renamed util/nvmutil to util/libreboot-utils, which
now contains two tools. The new tool, mkhtemp, is a
hardened implementation of mktemp, which nvmutil
also uses now. Still experimental, but good enough
for nvmutil.
Mkhtemp attempts to provide TOCTOU resistance on
Linux, by using modern features in Linux such as
Openat2 (syscall) with O_EXCL and O_TMPFILE,
and many various security checks e.g.
inode/dev during creation. Checks are done constantly,
to try to detect race conditions. The code is very
strict about things like sticky bits in world writeable
directories, also ownership (it can be made to bar even
root access on files and directories it doesn't own).
It's a security-first implementation of mktemp, likely
even more secure than the OpenBSD mkstemp, but more
auditing and testing is needed - more features are
also planned, including a compatibility mode to make
it also work like traditional mktemp/mkstemp. The
intention, once this becomes stable, is that it will
become a modern drop-in replacement for mkstemp on
Linux and BSD systems.
Some legacy code has been removed, and in general
cleaned up. I wrote mkhtemp for nvmutil, as part of
its atomic write behaviour, but mktemp was the last
remaining liability, so I rewrote that too!
Docs/manpage/website will be made for mkhtemp once
the code is mature.
Other changes have also been made. This is from another
experimental branch of Libreboot, that I'm pushing
early. For example, nvmutil's state machine has been
tidied up, moving more logic back into main.
Mktemp is historically prone to race conditions,
e.g. symlink attacks, directory replacement, remounting
during operation, all sorts of things. Mkhtemp has
been written to solve, or otherwise mitigate, that
problem. Mkhtemp is currently experimental and will
require a major cleanup at some point, but it
already works well enough, and you can in fact use
it; at this time, the -d, -p and -q flags are
supported, and you can add a custom template at
the end, e.g.
mkhtemp -p test -d
Eventually, I will make this have complete parity
with the GNU and BSD implementations, so that it is
fully useable on existing setups, while optionally
providing the hardening as well.
A lot of code has also been tidied up. I didn't
track the changes I made with this one, because
it was a major re-write of nvmutil; it is now
libreboot-utils, and I will continue to write
more programs in here over time. It's basically
now a bunch of hardened wrappers around various
libc functions, e.g. there is also a secure I/O
wrapper for read/write.
There is a custom randomisation function, rlong,
which simply uses arc4random or getrandom, on
BSD and Linux respectively. Efforts are made to
make it as reliable as possible, to the extent
that it never returns with failure; in the unlikely
event that it fails, it aborts. It also sleeps
between failure, to mitigate certain DoS attacks.
You can just go in util/libreboot-utils and
type make, then you will have the nvmutil and
mkhtemp binaries, which you can just use. It
all works. Everything was massively rewritten.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Adds libreboot support for the Dell OptiPlex 3040 Micro based on the
OptiPlex 3050 Micro (same Skylake H110 PCH-H platform). Key differences:
DDR3L SODIMMs, Pentium G4400T-class CPUs (Skylake only), Realtek ALC3234
HDA, and Boot Guard neutralization via deguard.
Tested and booted on hardware.
Signed-off-by: Todd Baker <todd_baker@student.uml.edu>
err if buf NULL, len -1
also getrandom may return fewer bytes, so
loop that too.
why can't linux be like bsd? bsd is:
arc4random_buf(buf, len);
no checks needed. it never errs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
openbsd 2.1 has arc4random, which we detect here.
arandom was apparently added much later, so this
is dead code. remove it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we still fall back to the old /dev/urandom read
on older linux, via runtime detection (ENOSYS).
getrandom is better, because it guarantees entropy
via blocking, and works even when /dev/urandom
is unavailable.
it has the same practical benefit as arc4random,
which i use on bsd. linux can have arc4random,
but not every linux libc has it, so it's better
to use getrandom on linux.
older linux will fall back to /dev/urandom
Signed-off-by: Leah Rowe <leah@libreboot.org>
more random characters
i added support for higher than the standard 6
characters so i can go nuts
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Signed-off-by: Leah Rowe <leah@libreboot.org>
200 retries, not 100.
and open with O_NOFOLLOW and O_CLOEXEC
check X on mkstemp
support more than 6 X in mkstemp
make PATH_LEN 4096
1024 is a bit low
make default mkstemp length 4096
Signed-off-by: Leah Rowe <leah@libreboot.org>
i had this idea in my head of later porting this
to k&r c for fun. but screw it.
compiling on everything since 1989 is enough
Signed-off-by: Leah Rowe <leah@libreboot.org>
handle init in xstatus()
it's now a singleton design
also tidied up some other code
also removed todo.c. bloat.
will do all those anyway.
too much change. i just kept
touching the code until it
looked good
Signed-off-by: Leah Rowe <leah@libreboot.org>
question mark respects environmental variables
but isn't portable
you can just pass as argument on the command line
question mark is more useful for build systems,
but i'm not really bothered. the old way works.
Signed-off-by: Leah Rowe <leah@libreboot.org>
make a singleton function instead
now there are technically no global variables,
so i can more easily start splitting this up
into multiple linked programs
Signed-off-by: Leah Rowe <leah@libreboot.org>
must be world writeable and not have sticky bits
a bit theoretical, but we're also reading TMPDIR,
which could be anything
due to how this is called, it defaults back to /tmp
if null is returned, so itt's safe
Signed-off-by: Leah Rowe <leah@libreboot.org>
set it really high though, so it's still
basically reliably
an EINTR/EAGAIN storm could cause problems
in prw()
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, a stale descriptor could be manipulated
easily by an attacker over time
very theoretical to be honest
Signed-off-by: Leah Rowe <leah@libreboot.org>
the actual cat function just writes to stdout
we need only check that the input is null, which
i've now done.
Signed-off-by: Leah Rowe <leah@libreboot.org>
where feasible, don't assign them at declaration
this is especially important for the next change
i'm working on
Signed-off-by: Leah Rowe <leah@libreboot.org>
call it sooner. set new_state afterward.
i had to uncouple nv from some functions
for this, and i also added some extra
checks especially at exit, about whether
to touch nv (whether it is initialised)
Signed-off-by: Leah Rowe <leah@libreboot.org>
yes, this begins the next phase of nvmutil:
remove global status in functions that should be
generic, and make functions that are not generic,
generic. make everything as re-useable in a library
as possible.
most of the program is error control, as it should
be, but much of it is mixed in with functions
that really should just be split up for libraries.
so that is what i'm now beginning.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i still use a global variable, but now only
one, which is a structure containing the
state of the entire program
now i can easily start modifying it to make
functions generic, and then i can start
making parts of it into easy libraries
Signed-off-by: Leah Rowe <leah@libreboot.org>
for now still actually global, but i'm gradually
putting variables into a single global stucture
which will then allow me to make everything
local, which would then allow me to start
splitting up the program and modularising it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we assume the fallback will be rare, so now we
make the mix static and keep xoring it, on the
theory that the number of failures on urandom
will be random, and tthat the fallback may only
apply once or twice in thousands of calls.
the time jitter is adjusted; rather than judge
the difference between two points close to each
other in time, we judge tthe randomness in
difference of time elapsed. this mitigates fast
CPUs being very fast and introducing rounding
errors, and also improves performonce on much
slower CPUs
Signed-off-by: Leah Rowe <leah@libreboot.org>
i was being cute earlier, but the rewrite
defeats the purpose of atomic file handling
in nvmutil, by not actually renaming! it was
more like, doing an actual copy, which meant
that corruption is likely during power loss
i've commented the code because i may
use it in a library in the future.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this improves reliability, making it more
likely that data actually gets synced,
since fsync can return -1 with EINTR,
indicating that a re-try should be
attempted.
Signed-off-by: Leah Rowe <leah@libreboot.org>
arandom probably isn't available on super old obsd right??????
rather, unveil isn't. on systems that have arandom
yet we should not unveil something that may not
exist on modern systems
just don't unveil arandom, and don't check arandom
if unveil is enabled
Signed-off-by: Leah Rowe <leah@libreboot.org>
some systems may not even have it
works with /dev/fd (bsd/mac etc)
works with linux (/proc/self/fd)
and falls back on super old systems
that have neither
Signed-off-by: Leah Rowe <leah@libreboot.org>
settting it to -Werror is wrong, should set
it not -Werror.
however, put the WERROR variable in the make
command. that way, i could test with
make WERROR=-Werror
Signed-off-by: Leah Rowe <leah@libreboot.org>
try a few more times until success
explicitly return EEXIST when needed
we try multiple times and check more
thoroughly if a file exists, thus
reducing the risk of race conditions
Signed-off-by: Leah Rowe <leah@libreboot.org>
not portable. some old systems don't have it,
or handle it very poorly
unsigned long is a reasonable way to refer
to indexes inside pointters
Signed-off-by: Leah Rowe <leah@libreboot.org>
if the global file is created on a different file
system than the gbe file, unveil would trigger an
abort trap, since we rely on created a second
temporary file, whose path we can't know ahead
of time.
i could get rid of unveil, or unveil a directory,
but neither is acceptable. just use localtmp on
openbsd. a temporary file is created next to
the gbe file, in the same directory.
Signed-off-by: Leah Rowe <leah@libreboot.org>
now the custom fallback code is very unlikely
to ever actually be used, on any system,
except really old systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
-Werror removed, for older compilers
actual warnings still there
-std is configurable now
e.g.
make CSTD=-c90
make CSTD=-c99
Signed-off-by: Leah Rowe <leah@libreboot.org>
i have urandom again. it's enough
the fallback rand implementation
is used if needed
now i don't have to worry about any
weird version of unix from 1992 and
deal with weird hacks. in fact, with
this change, my code will probably
compile on irix now
Signed-off-by: Leah Rowe <leah@libreboot.org>
i had to loosen the pledges for the new i/o
framework, which needs more permissions
as a result, i can now open urandom in
this function statically, rather than
in nvmutil's control logic
and because of that, it's less buggy now
arc4random is disabled on linux by default,
because it's not universally available
on all libc, and only since about 2022
in some glibc versions
better for portability to let linux users
justt use urandom
the new logic is different. now it falls
back to rand per-byte, but in practise
it almost never will.
Signed-off-by: Leah Rowe <leah@libreboot.org>
linux only had it since 2022.
lots of people will complain if i leave this enabled.
not all libc have it either
Signed-off-by: Leah Rowe <leah@libreboot.org>
i simplified it in the last commits, but i sttill
need this loop to properly handle parts
otherwise yeah, all it's doing is copying a file
verbatim. duh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we now read twice, verify the two, to make sure
one read isn't faulty
we operate on a tmp file, then rename back. this
reduces the risk of power cuts corrupting data
we properly verify the contents that we wrote
back
inspired largely by flashprog. i wanted to have
an insanely over-engineered and extremely safe
tool that edits intel gbe nvm files
and now i have one. the only one in existence.
i'm basically writing my own libc code at this
point, to be honest. i'll probably start puttting
these functions in libraries
e.g. that tmpfile generator
Signed-off-by: Leah Rowe <leah@libreboot.org>
we were returning if verified is not off, but we
were not doing the check soon enough.
now it's clearer: just after either a reset,
or we found out offset doesn't match, we
return sooner.
otherwise, we read, and we verify again right
after. in the old code, we verified twice in
a row.
this is just more optimal, for error handling.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the last patch, i return, which then avoids
resetting the offset.
prw is very careful not to return early.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, if it's -1 and errno happens to be
EINTR or EAGAIN, we might loop on what is a
real error. this bug fixes that edge case.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we already check before that rv is not negative,
and it starts at zero, but it's good to guard
it here just in case (for future re-factoring).
if rv is negative, it could convert (casted to
size_t) to a huge number (we don't want that).
Signed-off-by: Leah Rowe <leah@libreboot.org>
even with OFF_RESET, we still want some error checking.
if the check fails again immediately after, then it
suggests that another program really is modifying the
file, so we should stop.
the first check is done on the theory that another
program *was* working on it, but now isn't.
once again, this isn't perfect. use read pread/pwrite
if you need thread safety (and even then, you still
need to actually check your code)
Signed-off-by: Leah Rowe <leah@libreboot.org>
if a points to a buffer shorter than maxlen,
and the string is not null-terminated early,
the loop may read may overflow
e.g.
char buf[3] = {'a', 'b', 'c'};
xstrxcmp(buf, "abc", 50);
this is undefined behaviour, and a bug. C allows
reading past arrays only if the memory exists,
but we can't guarantee that
to fix it, we check the condition for return,
namely NULL character, before using the character
again. This avoids reading further from a multiple
times so we exit as soon as we encounter NULL
this also avoids multiple reads from memory, though
a compiler would optimise that anyway
Signed-off-by: Leah Rowe <leah@libreboot.org>
we currently reset just fine, but a partial success
where the previous offset is not the same as the
original should also be considered failure.
this patch therefore makes the return much stricter,
making the code return an error if this occurs,
which in nvmutil would then cause a program exit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we check them in prw, but we used to rely
on prw because we called that first. no more.
it's correct to also check them here anyway,
in case i ever call another function here.
Signed-off-by: Leah Rowe <leah@libreboot.org>
avoid pointer-range overflow arithmetic. this
patch doesn't change behaviour, but makes an
overflow impossible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
off is signed, so converting that to unsigned
is better than converting rc (unsigned)
to signed. i had the right idea, but got
it wrong in the earlier version. this
should fix potential overflow issues.
Signed-off-by: Leah Rowe <leah@libreboot.org>
our fallback pwrite/pread behaviour still does not
properly replicate the safety of real pwrite/pread
i intend to put this i/o code into a library for use
in other programs; nvmutil is single-threaded so
this change is largely redundant (but can't hurt)
Signed-off-by: Leah Rowe <leah@libreboot.org>
rw_file_once was doing what rw_file_exact should be
doing
_once does what it says: once
we were passing an offset (rc) to it that it was not
meaningfully using.
this makes the code now more robust, especially if
we later swap out or break _once - then we don't
get weird behaviour (if there is a regression).
Signed-off-by: Leah Rowe <leah@libreboot.org>
we assert now that ulong is the size of a pointer,
therefore we know that it can fit a pointer reliably.
this code is written for c90 spec so lacks uintptr
Signed-off-by: Leah Rowe <leah@libreboot.org>
not available on older systems. can just pass
the relevant flag in the compiler:
HAVE_ARC4RANDOM_BUF=0 at build time if you need
the fallback.
Signed-off-by: Leah Rowe <leah@libreboot.org>
too over engineered and cumbersome.
the new security in prw() makes it brittle,
and i'd rather not move checks outside of it.
the fallback rand is random enough.
Signed-off-by: Leah Rowe <leah@libreboot.org>
write all at once, then sync all at once,
then verify all at once.
this increases the chancce that all data
gets written first, in the case of power
less, because fsync may take a while on
some systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we already covered this in prw() which is
what ultimately gets called, but still.
it's logically correct not to check it here.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the cat function can be greatly simplified
handle it conditionally, because not all
functions should use it
Signed-off-by: Leah Rowe <leah@libreboot.org>
move the gbe-specific parts out of it
what remains is a relatively generic
function; a very conservative implementation,
wrapping around libc functions but with
a few additional safety checks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this still gets done from rw_once, but
it's generic enough that we want it in
our prw() wrapper function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
most of it can be done in rw_file_once
truly general checks have been moved to prw(),
so that the function is more general purpose.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, we now have a universal function
that is reusable elsewhere, with the same
redundancy. the rw_once and rw_exact functions
still get this redundancy, through prw
Signed-off-by: Leah Rowe <leah@libreboot.org>
we can just fall through to nrw and decide
what function ta call there - either read/write
immediately and return, or fall back to the
portable positional implementation.
this also means we don't have to call io_args
in every function, since everything now runs
through prw()
Signed-off-by: Leah Rowe <leah@libreboot.org>
it can be higher than 32-bit, it's fine
the current check breaks some newer systems
accordingly, u32 becomes ux, x meaning x bits
Signed-off-by: Leah Rowe <leah@libreboot.org>
i didn't take into account partial writes, in io_args
this fixes it
unfortunately, this means i have to loosen the offset
check a bit, but it's fine
Signed-off-by: Leah Rowe <leah@libreboot.org>
re-check. very unlikely since the program doesn't run
for very long, but we have to check if the file has
changed. this is a basic check of file size.
we could probably check the contents too, but that
would be overkill.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the time difference used here could go negative, which
would overflow in the xor op on mix, leading to a biased
entropy pool. we want to ensure that they numbers do
not overflow, because here they are cast to unsigned
which would then produce very large numbers.
Signed-off-by: Leah Rowe <leah@libreboot.org>
zero never occurs, because rw_file_once never returns zero,
but only rw_file_once determines that. rw_file_exact must
handle every possible error.
right now, if that call returns zero, rw_file_exact would
have an infinite loop.
this doesn't actually happen at the moment, so this is a
preventative bug fix.
Signed-off-by: Leah Rowe <leah@libreboot.org>
properly verify the value of the arguments, with
asserts.
add simpler runtime checks in-function, on prw,
rw_file_once and rw_file_exact.
variable names in english now, and the code is
cleaner, while being functionally equivalent.
Signed-off-by: Leah Rowe <leah@libreboot.org>
for pulses, we currently use amplitude detection.
edge detection is better, because weak / low gain
signals will be more reliable. if audio is coming
in on/from a system that does automatic gain
adjustment, this once again is more robust too.
microphones and speakers (which people often use
with spkmodem if nothing else available) often
clamp amplitude, to an extent that this software
may not detect those pulses reliably that way.
so we detect slope edges instead. this causes
very little performance penalty (use of abs(),
that's about it)
however, edge detection is inherently vulnerable
to noise, so we will also detect amplitude. this
acts as an effective noise filter, while still
improving pulse detection.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this check no longer applies (never triggers)
is_signal_valid already guarantees that the separator
tone is valid.
Signed-off-by: Leah Rowe <leah@libreboot.org>
bits are currently assembled even on invalid frames. this
patch fixes that - the bug is also in the GNU version.
this reduces the chance of noise/calibration from creating
corrupt character output during operation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
enforce at least two tones. this mitigates the
chance of random noise being treated as a real
tone, and reduces the chance of broken
thresholds versus freq min/max e.g.
freq min 31, max 32 and threshold 31
Signed-off-by: Leah Rowe <leah@libreboot.org>
we weren't actually using what we calculated. this patch
fixes that, thus preventing random noise / microphone
clicks, random artifacts and such from being treated
as real frames (the purpose of is_valid_signal is
partly noise suppression).
Signed-off-by: Leah Rowe <leah@libreboot.org>
in handle audio, i do the number of samples
per frame, and one more. e.g. 241 instead of
240. this bug is in the original GNU version
too. this patch fixes it.
this means that the output could slowly go
out of sync with calculated timings. the
patch fixes that. in practise, the decoder
is not that sensitive, and the code would
adjust anyway (automatic timing adjustment),
but ideally we want to not *cause* such
issues even if we mitigate them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
assert integer sizes, important in this program because
we make several implicit assumptions about word sizes,
and integers need to be of a certain size.
Signed-off-by: Leah Rowe <leah@libreboot.org>
collect_separator should be select_separator, to bring
it in line with select_low_tone
this just makes the code a bit easier to read
Signed-off-by: Leah Rowe <leah@libreboot.org>
the fir filter produces stable frequencies per frame,
but learning per sample (within a frame) means we
record the same value roughly 240 times.
here, we are syncing up at just the right moment
instead, and only at that moment, this increasing
both performance and reliability.
Signed-off-by: Leah Rowe <leah@libreboot.org>
oops!!!
another mistake during refactoring. right now it
doesn't increment before being checked, so learning
can go forever in an infinite loop
Signed-off-by: Leah Rowe <leah@libreboot.org>
i conflated two separate tests in a previous change.
the silence check was defeated by still checking f
alongside it, which would be set, thus satisfying
the condition, and proceeding, which defeats the
purpose of the silence check (ignore false signal
that is actually noise) - so in the original patch
that i wrote, the extra checks actually do nothing.
this patch fixes that, and makes the logic a bit
clearer.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the tone detection currently only tracks data, not
the separator. track both instead, for improved
detection reliability.
e.g.
separator tone e.g: 9
data low tone e.g: 18
data high tone e.g: 24
two fir windows produce e.g.
freq data 9 sep 0
then 18, 9
then 24, 9
18, 9
so we take min(data, separator)
that gives 9,9,9,9
now we have the separator cluster
however, if both windows are active during transitions,
you can also capture the higher clusters, which would
allow freq_max to grow
so when you learn e.g.:
freq min = 9
freq max 24
then the learned threshold would be:
(9 + 24) / 2 = 16
and now you know how to separate the tones
fir already suppresses noise so the pulse should
be reliable. so freq/sep only go non-zero when an
actual tone exists
this should now result in being able to sync with
spkmodem encoders with no prior knowledge of the
correct tone frequences. we just use maths.
Signed-off-by: Leah Rowe <leah@libreboot.org>
since we have auto-detection now, we only need to know
that two signals exist, not that they are valid, since
the auto-detection now handles validation and fallback.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a continuation of the previous patch. this waits for
currently one second, before defaulting to the hardcoded
value. otherwise, it tries to use whatever timing it
gets automatically.
this way, the program should now reconfigure its own
timing, without intervention by the user, if the timing
differs from sensible defaults.
this is because spkmodem is implementation-defined;
it's just however coreboot and/or GRUB happen to set
it up, and on the hardware in question.
Signed-off-by: Leah Rowe <leah@libreboot.org>
current logic is hardcoded, as in the original spkmodem-recv.
with this change, small differences are observed and averaged,
then the detection thresholds are adjusted accordingly.
the existing macros serve as a baseline, but real signals
differ. with this change, we therefore account for possible
drift in timings, which can change in real-time; the old
code could possibly get out of sync beccause of that, which
may have resulted in corrupt characters on the screen. this
change therefore should make the output a bit more stable.
the detection window is continually adjusted, so that the
output timings don't drift.
the tolerances are automatically adjusted based on base
timings (see new define in patch)
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead of when it goes above, do it precisely on the
timeout. otherwise, if by sheer chance the signal
pauses and we reset the byte - sure, ok, but it's a
bit tight and we run the risk of advancing another
frame, depending on the timing.
this is a minor edge case, probably rarely ever
triggered in practise.
Signed-off-by: Leah Rowe <leah@libreboot.org>
and with this, i'm now pretty much done modifying grub's
crappy code. this experiment started in 2023 has now
pretty much concluded.
the original GNU code was poorly written, hardcoded
everywhere, and not documented or commented at all.
i had to learn what the code is doing through inference
instead, and i'm pretty sure that these explanations
cover everything. i hope?
maybe the frenchman can explain anything i missed. haha.
Signed-off-by: Leah Rowe <leah@libreboot.org>
yet another optimisation for weaker compilers - but
some modern compilers may not optimise well for this
code either.
this reduces the amount of references to the struct,
which is very expensive (48000 times per second) on
very old CPUs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the frame[] array is never actually used meaningfully.
that setting of frame[ringpos] on the decode_state is
only set here, but then the value isn't really used at
all. the entire size of the annay is used for sizeof
in print_stats, but then we can just declare that
manually. since we also know that this value never
changes, we can use a global define for the sizeof entry
in print_stats, thereby simplifying operation further
Signed-off-by: Leah Rowe <leah@libreboot.org>
make it easier to read by clearer variable naming.
this change also reduces memory accesses (fewer struct
dereferences - see: struct decoder_state), when using
much weaker/older compilers that don't optimise
properly. this, in the most active part of the code,
which is called.... 48000 times a second. peanuts on
modern CPUs, but on old (early 90s) CPUs it makes a
big difference.
Signed-off-by: Leah Rowe <leah@libreboot.org>
only use the old fallback, or /dev/urandom
/dev/random blocks on some older unix machines,
or in embedded environments that may never
have enough entropy, causing the code to hang.
urandom is most certainly expected to exist on
pretty much anything since the mid 90s.
i could probably re-add the arc4random setup
for BSDs. i'll think about it. gotta do that
portably too.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if someone calls rhex fast enough, the timestamp
may not change. this mitigates that by adding
a counter value to the mix
Signed-off-by: Leah Rowe <leah@libreboot.org>
the last change was good, but this code, again,
has to do these calculations 48,000 times a second.
trivial on new computers. but now try it on a
computer from 1992.
we should try to make this as fast as possible :)
older compilers especially don't optimise these
checks. this patch shifts it to one subtraction and
one unsigned comparison, rather than checking less
than or greater than both. often used in... literally
exactly this type of program.
on a good compiler this will compile to an add, cmp
and conditional jump.
less readable, but the results (set 1 or 0) make it
pretty obvious what it does, after a few seconds.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i turned this into abs() call earlier, but this isn't
obviously readable by some people.
make it absolutely clear what this does. also reduces
use of syscalls.
Signed-off-by: Leah Rowe <leah@libreboot.org>
fread() may return short reads, whereas the current
code assumes either EOF or a full read.
change if to a while. really, it's that simple.
just loop until it's done. i probably b0rked this
myself when refactoring the GNU code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i treated ftell errors as fatal, but if fttell fails
with ESPIPE, and someone's using -d, the program may
exit immediately, even though there's no problem.
instead, skip printing the offset (basically no debug).
this fixes a bug that i introduced myself, when i forked
this code, because i added that error check; the GNU
code didn't have any check whatsoever.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we currently read small amounts of data with fread,
repeatedly, which is quite taxing on the CPU, on
very old systems.
48khz audio. 48000 calls to fread() per second?
yeah. let's optimise this.
performance now should be roughly O(1) in practise.
this and the other recent changes means no modulo
or division, reduced branching, memory memory roads,
and lots of buffering.
the buffering here is quite conservative, so the human
won't notice any difference. we're cutting the number
of times we call fread by a factor of several thousand,
but you'll still see text scrolling down pretty quick,
with minimal lag.
the old GNU code i forked was terrible at this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
make it clearer about next/old, in the loop. this also
improves performance on older systems (cache the values
first, don't re-calculate)
again, this is GNU code. but you wouldn't know it, in my
current version. i forked this from GRUB several years
ago and started cleaning it for fun.
Signed-off-by: Leah Rowe <leah@libreboot.org>
frame handling, error checks, pulse decoding and
character decoding are all jumbled up. this patch
separates them a bit, making it clearer.
should also help codegen. this tool is dealing with
high bandwidth text, which on slower computers may
be cumbersome. every optimisation counts.
not really relevant on newer systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead of computing next every time, just advance
two indexes. another performance optimisation on
older machines, especially old compilers, because
it reduces the amount of logical branching.
the old code was pretty much just advancing two
indexes in lockstep, when getting the next pulse,
but recalculating one of them based on the other,
each time.
this is yet another hangover from the old GNU code
that i forked three years ago.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's slow on older compilers/systems that don't optimise.
instead, we branch (cheaper) and just do an above or
equal comparison), resetting appropriately or subtracting.
should yield an actually useful performance gain, on older
systems. a bit theoretical on modern systems, which optimise
well (modern compilers will produce assembly code much like
what the new C code is doing)
Signed-off-by: Leah Rowe <leah@libreboot.org>
a bit pedantic. but that's my intention.
for backwards compatibility with older systems.
this flag means: create the directory. on modern
versions on all systems, it's the default behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i used a bunch of global variables. that's gone.
added proper externs, including for errno. lots of
old unix systems require this. this version should
be perfectly polished and portable now.
all status is now handled in a struct, making the
code a bit easier to understand, because the variables
now are clearly pertinent to the state of the decoder,
rather than being seemingly random.
some indentation reduced.
also cleaned up ftell/feof usage again. the new code
is a bit more robust when dealing with piped input(which
is literally what this program takes, exclusively)
i started my cleanup of this tool from GNU GRUB in 2023.
i finished it today.
also the Openbsd pledge is more portable now (code made
to compile on pre-pledge openbsd as well)
Signed-off-by: Leah Rowe <leah@libreboot.org>
skip it if there is a valid checksum, to mitigate
erroneous errno state upon exit from run_cmd(),
because we can assume by this point that we
are in fact ready to write at this point.
the check at the end still exists, which will catch
any error set by write, and any error set before
that. this fixes a weird warning on cmd_dump.
Signed-off-by: Leah Rowe <leah@libreboot.org>
reset it in callers instead.
this means that the main function is more generalised.
we know by the time we exit that there is no error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the new file i/o functions, my own setting
of errno should be done with set_err. this
avoids clobbering what the real libc set.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i set it to ecanceled before. now i set it more
appropriately, for each type of error.
where a real syscall was called, or my file i/o
functions are used, err() is called with errno
itself as input, to avoid clobbering real errno.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in practise it's ok, but some compilers might complain.
all this change costs is a bit of branching inside a
loop, but compilers will sort that out.
Signed-off-by: Leah Rowe <leah@libreboot.org>
preventative fix, since the values are currently
quite tiny. this new check is the same, but goes
the other way to eliminate overflow.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the old one assumes that ssize_t is signed size_t,
which let's face it, is always true in practise,
but not actually guaranteed!
so now i'm using one that's even more pedantic.
Signed-off-by: Leah Rowe <leah@libreboot.org>
just use errno itself as input to err
if unset, it's set to ECANCELED anyway
i really should rewrite the error handling
to not use errno at some point. it's a bit
unreliable, on some unix systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if it resets it on success, that is!
theoretically possible. we must preserve errno.
normally i'm a bit more casual about it, but this
function is replicating libc, so i must be strict
Signed-off-by: Leah Rowe <leah@libreboot.org>
size_t may be unsigned long long, but lu
is for unsigned long. the integer is small
enough that we don't need to worry, so let's
just cast it accordingly (inside err)
Signed-off-by: Leah Rowe <leah@libreboot.org>
always set it. the current logic only sets it if
valid, but invalid doesn't, relying on global
initialisation. this check sets it explicitly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it currently only does so on success, but errors will
leave the file descriptor corrupted.
reset it accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
currently it returns success, if restoring a
previous offset failed. this leaves descriptor
corrupted when the caller thinks otherwise
return -1 instead, so that the caller can treat
it as an error, relying on whatever lseek had
set for errno
Signed-off-by: Leah Rowe <leah@libreboot.org>
check that it's below len, not above it. that way, it
will now exit if it goes above (which it shouldn't,
but it theoretically could if the code was changed
and there was a regression or subtle edge case)
Signed-off-by: Leah Rowe <leah@libreboot.org>
with the other changes made recently, super old
compilers now work.
yes, i needed to change some specifiers in printf.
typedefs provided for uint, and a define included
X OPEN SOURCE 500. and asserts for integers.
Signed-off-by: Leah Rowe <leah@libreboot.org>
just use /dev/urandom and fall back to /dev/random
this is what i was doing for years. this combined
with other changes, and the new prw() function
for i/o, means portability should be pretty high
now. i will actually start testing nvmutil on old
bsd systems from the 90s later.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in case any stale errors are present.
at this point, we know that the code is likely
safe and that nothing happened, because we quite
obsessively call err() before that point.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current one assumes two's compliment and no
padding bits. i assert two's compliment earlier
in code, but it doesn't guarantee:
sizeof(ssize_t) == sizeof(size_t)
it's theoretically possible that size_t=64
and ssize_t=32, and then the macro would break.
this new version uses SIZE_MAX instead, without
subtraction, but halves it using a bit shift.
this may still break, but it should work nicely.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i overlooked this when writing. it's comparing
to a length which is size_t, so let's avoid
an unnecessary cast.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we need this to be the case for our code, that char
and uint8_t are 8 bits, and that uint16_t and uint32_t
are 16- and 32-bit.
these asserts protect us in case it's not (it will cause
a compile time error).
Signed-off-by: Leah Rowe <leah@libreboot.org>
in rw_file_exact
otherwise, if length exceeds SSIZE_MAX, we could
hit an overflow
the buffers and lengths we deal with are relatively
small anyway, so this fix is preventative
Signed-off-by: Leah Rowe <leah@libreboot.org>
it now retries infinitely on EINTR, except when the return
of pread is precisely zero, at which point it errs.
this is better than having an arbitrary maximum like before,
and increases robustness on unreliable file systems, e.g.
NFS shares.
Signed-off-by: Leah Rowe <leah@libreboot.org>
only print a message what arg_part is set. this
means that a checksum error message won't be printed
on cat commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't hardcode it per command logically. do it in
the command table instead.
this also fixes a bug where the cat commands did
not set the permissions read-only.
Signed-off-by: Leah Rowe <leah@libreboot.org>
since the cat command can be used to create bad
gbe files, if the checksums don't match. my rule
is that nvmutil must never be used to destroy
data, only correct it (e.g. a file with just one
valid part can have it copied to the other part,
but you can't copy a bad part - and i removed
the "brick" command).
i *did* disable checksum requirements on the
dump command. with this, you can check the nvm
area and it tells you what the correct checksum
could be. then you could just correct it in a
hex editor if you wanted to, quite easily.
the idea is to slow down the act of destroying
or corrupting data as much as possible. someone
wily enough can use a hex editor to patch up some
files just fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
no build error at the moment, nor would there be if
using clang or gcc, but i imagine some buggy compilers
might complain.
remember: portability. i also want this code to compile
on old, buggy compilers.
logically, this initialisation is redundant.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these take any file size of gbe file: 8KB, 16KB
or 128KB. so does the normal cat.
then you can use cat, cat16 or cat128. these
output to stdout, the corresponding size in KB.
0xFF padding used on the larger files. on the
larger files, the first 4KB of each half is the
GbE parts, and everything else is 0xFF padding.
now you can resize gbe files easily, example:
./nvmutil gbe128.bin > gbe8.bin
yes
Signed-off-by: Leah Rowe <leah@libreboot.org>
it *is* cat. it's catting two GbE parts. so its cat.
(two 4KB areas, plus padding when i add cat16/cat128)
Signed-off-by: Leah Rowe <leah@libreboot.org>
with this, you can read 16KB and 128KB files, and output
them to stdout, but it outputs 8KB
for example:
./nvmutil gbe128.bin > gbe8.bin
now you have a 8KB file
i could probably easily add cat16 and cat128 too.
nvmutil reads two 4KB parts regardless of GbE file
size (one from the first 4KB of each half of the
file), so this was easy to implement.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't cast unsigned to signed.
no behaviour is changed, but this will prevent some
silly compilers complaining about -Wsign-conversion
Signed-off-by: Leah Rowe <leah@libreboot.org>
i removed this before, but it's good to put it
here defensively, in case i ever mess up
the urandom read function again.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i forgot to handle it in the previous refactor
not really a problem in practise, since the first
read probably succeeds anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also handles possible overflows in read_gbe_file_exact
it removes dead code on both paths: arc4random and
urandom
Signed-off-by: Leah Rowe <leah@libreboot.org>
we rely on uint16_t wrapping, but some platforms may
behave weirdly.
cast as uint32_t and then cast back, on return, with
an explicit mask beforehand.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i plan to release this as a standalone utility at
some point, once it's perfect (on its current
feature set)
Signed-off-by: Leah Rowe <leah@libreboot.org>
i will write a *manpage* at some point. for now, the
documentation on libreboot.org shall suffice.
i'm nearly ready to submit this code to coreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
explicitly declare the directory path for the given
file (nvmutil), otherwise it's implementation-defined;
on some systems, /bin/nvmutil means a directory named
nvmutil could then contain nvmutil.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I also needed: #define _POSIX_C_SOURCE 200809L
I use -pedantic with -Wall -Wextra -Werror, which
forces very strict error handling and ISO C; this
means pread and pwrite aren't available.
The define fixes this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
only allow the long form: setmac [MAC]
specifying gbe.bin just shows the help/usage now.
this is a safety feature, so that someone doesn't
accidentally write the gbe file. we want it to be
that the user specifically requested setmac.
setmac with mac address as the 3rd argument is
also disabled. this is done as part of a general
simplification and safety improvement to nvmutil.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is an extremely dangerous feature, and serves
no purpose to the user.
this change is part of a series of extreme safety
improvements, part of a larger nvmutil audit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This feature is extremely dangerous, and we should
discourage against its use.
This is part of a series of changes that I've made
to make the code safer. You should only ever run
this on a valid GbE file, and nothing else.
Signed-off-by: Leah Rowe <leah@libreboot.org>
linear, top-down order. re-order the prototypes
also some general cleanup:
argc enums now validated. ifdefs for pledge
and arc4random now use a consistent naming
scheme.
feature change:
the "dump" command now fails if both checksums
are invalid, and won't show anything.
my next commit will disable setchecksum when
both checksums are invalid. this and the other
insane auditing i've done over the last few
days has been part of a major effort to make
nvmutil extremely safe, and robust.
Signed-off-by: Leah Rowe <leah@libreboot.org>
setchecksum and setmac update the checksum.
other commands don't.
this patch unified the logic, handling it
in write_gbe based on command[].chksum_write
Signed-off-by: Leah Rowe <leah@libreboot.org>
only pledge/unveil where available, on versions
that have it. this patch disables it on older
versions, allowing nvmutil to compile.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i previously had this as a speed optimisation, but
removed it because it wouldn't make any real speed
difference, on most modern file systems / kernels.
however, this also has the dual purpose of ensuring
only what was verified gets written, on operations
that only touch the NVM area, since this relies on
checksum verification.
therefore, i have re-added this feature, but under
the new design of nvmutil. it is done policy-based,
instead of having if/else for specific commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
their functions now only return. not needed anymore.
these commands are still available, but they no longer
need helper functions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the existing verification is retained, an a few commands.
this is an additional security mechanism. redundancy is
best.
Signed-off-by: Leah Rowe <leah@libreboot.org>
strnlen is not available on some older systems,
so now we provide our own portable version.
this version also aborts on NULL input, unlike
the standard function.
this version also does not permit empty strings.
this version also does not permit unterminated
strings.
Signed-off-by: Leah Rowe <leah@libreboot.org>
arc4random is superior, so using /dev/urandom
would be a mistake. we only use that on linux,
or old/weird unix.
we would also use it on linux, but GNU prohibits
nice things (its implementations are spotty, and
old glibc doesn't have it - before 2022 there is
libbsd, but i'm not importing that).
not that it matters. we're not doing encryption.
i'm just a stickler for technical correctness.
Signed-off-by: Leah Rowe <leah@libreboot.org>
There, we use arc4random_buf which does not directly
access /dev/urandom on BSD; it uses a userspace method
instead, which bypasses this.
This is therefore much more restrictive, which is
exactly the point of unveil(2) and pledge(2); restrict
your program's operation while ensuring that it has what
it needs, to help with debugging and prevent common bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, it's a pointless computation
i also added a guard to mitigate this, in the
read file function. this should have been there
anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if the enum is messed up, this patch also prevents
that. this is not to catch a runtime error, but
to intentionally trip up a maintainer that screws
up, prompting them to fix their future mistake.
we previously used a pointer directly, without
even checking index/NULL - that too is now covered,
except that we now use an indice for command[] and
execute the command from that, rather than directly
declaring a pointer.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, if a user does e.g.
./nvm gbe.bin bullshit
It will say: bullshit
Right now, it just says invalid length. This
means if the user wanted to type e.g.
./nvm gbe.bin copy 0
but they typed:
./nvm gbe.bin coyp 0
Now it will tell them that it's trying
to set the MAC address "coyp".
This is because if an invalid command is given,
it's treated as a MAC address instead. This is
by design, to allow e.g.
./nvm gbe.bin xx:1x:1x:xx:xx:xx
Signed-off-by: Leah Rowe <leah@libreboot.org>
point directly to the command table.
run through an intermediary function to check
bounds, for safety.
this will allow me to then set things like
the invert config directly in that struct.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we need only declare it in the centralised gbe_file_offset
function, which determines whether a write to the gbe file
falls specifically within the 4KB range that is the gbe
part.
it is always half of the gbe file size, and then the first
4KB of each half stores the gbe part.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these variables newrandom and oldrandom are unused on
BSD systems, and their unused status may trigger
warnings on some compilers.
Signed-off-by: Leah Rowe <leah@libreboot.org>
yeah, do the verification manually, don't convert
to size_t. this avoids a bunch of theoretical
bugs that i can't be bothered to explain at 3AM
just trust me bro
Signed-off-by: Leah Rowe <leah@libreboot.org>
preventative fix for later, if the tool is ever expanded
to have a better command syntax, for supporting more than
one file at a time.
Signed-off-by: Leah Rowe <leah@libreboot.org>
send the mac address byte directly to check_mac_separator
functionally identicaly, but cleaner, and uses
multiplication instead of division (faster).
Signed-off-by: Leah Rowe <leah@libreboot.org>
it was put there for another change i haven't done yet,
and probably won't. the program currently just runs once
with one operation, on a given file.
the current defaults are initialised just fine without
this function, so let's remove this bloat for now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we now handle signedness properly, which is implementation
defined, on char integers where signed/unsigned is not
specified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the partsize variable is also misleading, because it
refers to the full half of a file, which might be
bigger than 4KB. this variable name is a hangover
from when nvmutil only supported 8KB files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
char can be signed or unsigned, and this is often
implementation-defined. this could result in bad
comparisons, so we should specifically cast it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit 5b120d71e7.
the others are unsigned char. other variables like this one.
better be consistent.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it calls word() anyway, but we should still check it here,
since this is quite a critical function.
the other bound checks are done by word(), which this
function uses to add everything up.
Signed-off-by: Leah Rowe <leah@libreboot.org>
there is 0x20 of different between a and A
so we can just or 0x20 and compare only lowercase.
we can also cast char (which may me signed on some
systems) to unsigned, and then only check whether
it's lower than 10.
this code results in far less branching (in C),
but a good optimising compiler probably wouldn't
have cared about the old version anyway.
it's just nicer C code.
this also means we no longer need to check for
X, only x.
Signed-off-by: Leah Rowe <leah@libreboot.org>
strnlen isn't available on some older unices.
we already know the string will be null-terminated,
because it comes from argv, so runaway reads are
extremely unlikely (read: impossible).
Signed-off-by: Leah Rowe <leah@libreboot.org>
and 1 does the same thing as mod 2, but it's cleaner.
i also now bitshift 3 times instead of times by 8,
which again is clearer in purpose.
i line breaked after h, to make it clear that all of
the next part is being shifted in
Signed-off-by: Leah Rowe <leah@libreboot.org>
sizeof is size_t, so we must act accordingly.
casting it to an int is unacceptable.
this version is also branchless.
Signed-off-by: Leah Rowe <leah@libreboot.org>
fall back to urandom.
also add a /dev/random fallback, for older unices.
with the posix compatibility changes, combined with
this change as above, the code should be portable
now. i expect it to compile on *many* unix systems!
pretty much everything from the last 30 years.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need a whole function. i previously did it
for clarity, but simply setting a variable all in
one line is totally fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
size_t is generally the size of the address space, so
this is more reliable for our purposes; we're only
working on small buffers, but even so, it's a good
thing to do.
Signed-off-by: Leah Rowe <leah@libreboot.org>
directly handle swapping in word and set_word
in my testing, x86_64 and arm64 compilers actually produce
more efficient code this way. i previously only did a big
swap on the whole buffer on big-endian CPUs, and directly
accessed without swaps on little-endian, as an optimisation.
however, the old code is actually slower than what the
compiler produces, with the new code!
portability is retained with big-endian host CPUs and
little-endian host CPUs.
this also avoids the complication of memcpy and is just
generally extremely reliable by comparison.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we currently never read the 0th byte, so if we need
all 12, and we do when every byte is random, we
read again just to get one byte.
not really a bug, but it is a performance penalty,
so let's fix it!
Signed-off-by: Leah Rowe <leah@libreboot.org>
we want to debug it after the fact; this is now handled,
in the calling functions (unhandled error exceptions).
Signed-off-by: Leah Rowe <leah@libreboot.org>
i don't care. it's only 30 tries.
usleep can fail, setting errno, and it can actually
take longer, depending on the environment. it poisons
errno, and makes debugging harder.
just remove it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we already exit reliably in that function. the current code
is logically correct, but very weak against future changes.
this extra check is essentially redundant, but prevantative
against future changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
errno shouldn't be set, after reading a file successfully.
if it is, that's a bug. handle it accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This prevents hogging the CPU in a tight loop,
while waiting for access.
I've also reduced the number of tries to 30, rather
than 200. This is more conservative, while still
being somewhat permissive.
The addition of the usleep delay probably makes
this more reliable than the previous behaviour of
quickly spinning through 200 tries, but without
hogging CPU resources.
I *could* allow this loop to be infinite, but
I regard infinite spin-lock as an error state.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a non-fatal error could have set errno. when we return
from check_read_or_die(), it should be assumed that
all is well.
i don't think this would mask anything important, but
it may be regarded as a preventative bug fix, since
it most likely only prevents false-positives.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Part of the code currently assumes we only work on
the smaller NVM area.
I'm adding some comments to make this clear, for
when and if the code is ever expanded to support
operating on the Extended NVM area (just part the
main 128-byte NVM area).
Signed-off-by: Leah Rowe <leah@libreboot.org>
use of it was preventing more verbose error messages
on exit.
the code is actually cleaner without it, and easier
to read, because of those verbose error messages.
i also added some comments to cmd_swap/copy and did
some other minor/related cleanup elsewhere.
Signed-off-by: Leah Rowe <leah@libreboot.org>
split it out of main. this is good hygiene and it's preparation
for a planned expansion in the future, that allows operation
on multiple files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
currently redundant, but again i might expand this
in the future to allow multiple runs. putting this
here as good practise (currently redundant).
Signed-off-by: Leah Rowe <leah@libreboot.org>
we currently only run the logic once, but i might
expand nvmutil in the future, so that it can
operate on multiple files. this would require
using a different command syntax, e.g. getop-style
syntax.
this is a preventative bug fix, resetting global
state.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we only ever use it once, so it's fine, but future
expansion of this code might trip us up.
this is therefore a preventative bug fix.
Signed-off-by: Leah Rowe <leah@libreboot.org>
size_t can truncate on some platforms. it's best to use
the proper variable type (a cast is insufficient).
Signed-off-by: Leah Rowe <leah@libreboot.org>
strtonum implementations in bsd sometimes have this
variable name. rename it to avoid conflict.
also removed the commentt errno values, since i'm
only ever setting it to valid values, as are the
syscalls that i'm using, so it should be ok.
i'm not writing a stub to check errno. that would
be far beyond the scope of nvmutil.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is a bit of fault tolerance. a bit bloated too,
but it should make the code more resilient.
we limited the number of retries to 200 retries.
EINTR is when the syscall (read/pread) is interrupted.
we still error out on other conditions; we also still
error out on EINTR if the number of re-tries surpasses
200.
during this re-try loop, if *another* error occurs, we
exit as normal. this is done for both files: the gbe
file, and /dev/urandom.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these functions return ssize_t, so compare explicitly
to that, when using the SIZE_4KB define for example.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we can just use errval as argument to set_err,
because set_err itself now properly handles
errno, ensuring that is is never set to zero.
Signed-off-by: Leah Rowe <leah@libreboot.org>
word/set_word are only meant to operate on the nvm
area (128 bytes), but the current check is against
the entire 4KB block.
swap() only handles the nvm area, as per the design
of nvmutil.
this patch makes the boundary check truer to my real
intent, guarding against future logical errors.
Signed-off-by: Leah Rowe <leah@libreboot.org>
alignment isn't an issue, but aliasing between uintX_t
types in C means that this code may fail on some weird
systems.
using memcpy here is advisable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need it. what follows is a call to open(), which
would fail anyway if the path is a directory; further, this
removes a theoretical race condition in the program, and
makes open() happen sooner, making it more likely that we
get the file first, before another program can take it.
checking whether /dev/urandom is a directory is the height
of absurdity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
n + 1 is the same as saying sizeof(rnum) in this case.
we should be clear about that, in code. n is irrelevant
here, since it is only an index for the return value.
Signed-off-by: Leah Rowe <leah@libreboot.org>
checking against -1 is incorrect, because we specifically want
to ensure that it always read the number of bytes defined by
the size of rnum.
this still covers the case where the return value is -1, and
therefore makes the error handling much stricter.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the way err works here now is very different than
the bsd one. here, we ALWAYS exit with EXIT_FAILURE,
and we call set_err with, as argument, the first
argument given to err.
this then sets errno, but the exit value is always
consistent.
that's what happens when i control err(). i make it
even better. the original bsd one is too conservative.
Signed-off-by: Leah Rowe <leah@libreboot.org>
and getprogname, written as getnvmprogname
this removes a dependency on err.h, which is non-standard.
the remaining code is posix-compliant, or ifdef'd where
use of openbsd pledge is concerned - someone could theoretically
define __OpenBSD__ that isn't and OpenBSD base maintainer, and
then use nvmutil in it, but i so don't care about that evermore
hypothetical individual.
Signed-off-by: Leah Rowe <leah@libreboot.org>
by handling close() in main, we can reduce the
indendation in write_gbe and generally make it
much easier to read.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the swap function reverses the byte order in memory, of
a loaded GbE after after reading it, or before writing
it. this is required (as detected) on big-endian CPUs,
because GbE files store bytes in little-endian order.
Signed-off-by: Leah Rowe <leah@libreboot.org>
set it after the argc check
i don't like initialising a const after
declaration, but it compiles, and it keeps
with the style used in the rest of the code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i declare it, using the 3rd argument, which might
not be available if only the file name is declared.
this fixes that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these macros serve no purpose except to obfuscate the
code. it's actually cleaner just to refer directly to
argv, and it reduces the chance of contamination later
upon re-factoring.
Signed-off-by: Leah Rowe <leah@libreboot.org>
and op to ops
typedefs not part of any base system e.g. openbsd
base system, or e.g. the libc, should not have _t
in them.
this is a stylistic change, and does not alter any
actual program behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the second half of the function is mostly checking
arguments, and has the hack to set cmd to cmd_setmac
if cmd is unset (no command specified) but argc is
above two.
stylistically, this is more consistent.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this fixes the bug where if you specify an invalid command
such as:
./nvm gbe brick 9
part 9 doesn't exist, but fname isn't yet set, here.
same thing applys when running those pledge commands on
openbsd.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is separate from other function calls. err_if
is used as though it was an if, where we always add
a space. it's just a quirk of my coding style.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, the correct part number is printed when an invalid
part is being operated on, in cmd copy or swap.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead, use a single integer, set to 1 if using
these commands (otherwise set to 0) used as an XOR
mask.
use this to invert where data gets read. one quirk
with this is that if a copy operation is performed
from a part with a bad checksum, it's already done
in advance, in memory, but then the check on the
checksum in cmd_copy is now checking the other part,
which will be all zeroes, so i invert that too; this
means now when running cmd_copy, it'll complain about
an invalid part, but the part number is inverted.
it's a small price to pay, because this restores the
previous performance optimisations but without being
as unsafe.
this is also true when doing the swap.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lots of block devices use 4KB block size. it makes
sense to have this optimisation here.
i previously removed it, along with the one that
only reads the NVM area - that one is still gone,
because it was largely pointless.
because of this modification returning, i also
re-introduced the check in setWord against
nvmPartModified - otherwise, for example, running
cmd brick 0 would brick part 0 but then write
all zeroes to part 1.
Signed-off-by: Leah Rowe <leah@libreboot.org>
those lines at the end are a hangover from the old opendir-
based implementation.
i also made the output more verbose in that first error
check.
Signed-off-by: Leah Rowe <leah@libreboot.org>
opendir allocates resources and causes a bunch of other
error conditions which we need to catch.
use of stat is more efficient here.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it still had some leftovers from the old macro-style
implementation. it still compiled, but this patch
fixes the function properly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
irrelevant for most users, who are on little endian
anyway, but i broke the swap function on big endian
systems. this fixes it.
the new function uses an intermediate variable instead
of xor swapping, but i accidentally left some relics of
of the old xor swaps in place. this fixes that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this, in conjunction with the centralised exit scheme now
used by nvmutil, means that we have portable exit status.
notwithstanding the use of non-portable unix functions, and
especially the use of non-standard err.c (which GNU and BSD
libc implementations all have anyway, as does musl).
this code should now run on essentially any computer with
Linux or BSD on it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
exit with 0 or 1, as is proper.
errno is an int, but the return value on a shell
can be e.g. byte, and depending how that number (errno)
is valued, could overflow and cause a zero exit, where
you want a non-zero exit.
the code has been changed, in such a way to maintain
current behaviour (don't change errno), except that when
errno is set upon exit, the exit value is now one.
Signed-off-by: Leah Rowe <leah@libreboot.org>
pointless optimisation. we know that when a user requests an
operation that would write, it will probably result in a change.
therefore, this change is the real optimisation. to avoid
writing the same half of a file twice, when using cmd_copy,
we check (in writeGbe) whether gbe part 0 and 1 are the same;
if they are, then we only loop once. this is important, because
otherwise we would call swap() twice.
this means that the optimisations in cmd_copy and cmd_swap must
be removed. the point of this and other changes is to improve
memory safety in nvmutil, so frivolous use of pointers has to go.
Signed-off-by: Leah Rowe <leah@libreboot.org>
modern file systems work in 4KB blocks. reading only
a small part of it doesn't really make much difference
in terms of performance.
simplify the code instead.
Signed-off-by: Leah Rowe <leah@libreboot.org>
modern malloc implementations make the optimisation here
pretty pointless.
modern computers make this modification pointless.
i'm not planning to run nvmutil on a VAX. openbsd removed
support for it ages ago. 8KB fixed buffer is fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it doesn't save any time on modern systems, and it's just
confusing for some people to read. i mean, i understand it
instinctively, but normal people do it with a swap variable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we always want unveil/pledge calls to be in main, when
possible, so that they are more transparent and easier
to understand when re-factoring, because it's extremely
important that these syscalls be done correctly.
main is small enough now, from other re-factoring changes,
that i'm happy to have this back in main now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current check is too liberal. make it sticter.
the issue is that the previous check did not take
into account that it's a check on a uint16_t array,
against nf which refers to a number of bytes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this was the other complication with doing it as a macro.
for something this fundamental, we really want to ensure
that every access is safe.
Signed-off-by: Leah Rowe <leah@libreboot.org>
merge the urandom handling back into this function.
it's called immediately after in main anyway, so we
may as well. this reduces the size of main.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the given call, we then do an equivalent call
immediately after that is the same, but without
unveil, so we'll just defer to that.
this changes no behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in general, we should ensure that the pledge calls only happen
inside main. this means we can more easily see them, in future
re-factoring.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this will enable hardening of the pledge syscalls.
it also means that the program will error out much
earlier, when an invalid command is given, rather
than opening a bunch of files first, and it will
do so under reduced privilege already, notwithstanding
the further pledge/unveil hardening that is planned.
Signed-off-by: Leah Rowe <leah@libreboot.org>
urandom in main. this is because i'm going to further
harden the use of pledge and unveil in a future patch,
and this is a prerequisite.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also for other variants
i removed it because it was reported broken. it's not.
the removal was always temporary, pending further testing.
next time, i will be more sceptical.
everything works fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
do it in the macro. this way, if a given error is
present, it's not overridden. this enables easier
debugging.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i renamed filename to fname, so that certain lines would
still fit within 80 characters without introducing a new
line break.
Signed-off-by: Leah Rowe <leah@libreboot.org>
handle it in a separate function, for clarity.
the main function just checks each part whether it
changed, and then passes control to writeGbe_part.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use the ERR macro instead, so that an existing value
will not be overridden. this is useful for debugging.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this has to do with memory allocation, not actual reading
of the gbe file into memory. split it up, for clarity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when nf and nr/nw are not the same, we know there
is an error condition, so defer to the following err()
call, but use ERR() there instead of hardcoding use
of ECANCELED.
this actually improves the error handling, by being
more verbose, while reducing the amount of logic.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is a special mode that skips FPTR checks, which is
needed on the topton x2e_n150
we currently set this, when MEclean="n", but we may want to
skip cleaning while still checking FPTR on some boards (in
a future lbmk revision)
Signed-off-by: Leah Rowe <leah@libreboot.org>
it is currently only initialised inside case
conditions. this is fine on most shells, but
some of them can be a bit buggy here.
initialise it empty and then override.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is a hangover from an earlier work, where we
had some issues prior to merging.
as it is, the port is ready for a future release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Courtesy of Kat Inskip who ported this board.
Headphone output doesn't work at the moment, due to incorrect verb.
Intel VBT is also wrong. Both are taken from another board.
This will be amended later with the correct verb and VBT.
Signed-off-by: Leah Rowe <leah@libreboot.org>
latest coreboot rev as of literally today
this is in preparation for a thinkpad x270 port
using a WIP patch that was contributed
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is the program I recently wrote, that generated
the submodule entries for the GRUB PO file fix
this utility is for reference only. i'll probably do
away with the fix at some point, replacing it with
my own git-based submodule repository, containing the
PO files. this would make things easier, and then
that repository would contain the utility instead.
i'm just putting this in lbmk for now, so that we
have it somewhere.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Using the same ME image as the 3050 Micro. This fixes the lack of a
backup download URL for the ME and speeds up boot time, since MRC
caching is working with ME (unlike SPS).
Unfortunately, since the MFS partition must be preserved, this does
mean we need a larger ME region than with me_cleaned SPS.
the lack of redundancy in Intel ME downloading is a current
release blocker with this board, so set it to release=n for
now.
it is quite possible to use deguard on this board, which does
have redundant downloading when used with lbmk.
although the board doesn't have bootguard, it is still possible
to use deguard. you can configure the generic ME image that it
fetches, and reconfigure it for each machine.
i've asked ron to look into this, on their test board.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i don't like hyphens in file names, because of how lbmk
has historically handled directories and files in the past;
i've removed a lot of eval statements, to the extent that
it's no longer likely to be a problem (it's barely used now),
but i previously had a problem with using hyphens in config
names.
this design flaw (in lbmk) was fixed ages ago, but i still
maintain this policy. since that time, i use hyphens only.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Surprisingly, SeaBIOS VGA output works (coreboot documentation says it
doesn't).
I'm using a static CMOS option table currently (like most other boards
supported in libreboot), but maybe it would be better to switch to the
CBFS file option table. The default option table enables
hyperthreading, overriding the compile-time setting.
I'm also using a ME/SPS image extracted from the official BIOS update
for this board. Unfortunately, https://www.supermicro.com/Bios/* is
excluded from crawlers in robots.txt so it's not in archive.org, so I
haven't been able to find a backup download URL. I also needed to set
the user-agent for fetching the update to "curl/8.6.0" because the
default user-agent override used by lbmk resulted in a 403 error.
deguard is not required (there's no bootguard on this board).
SPS does not implement CPU replacement detection which means that the
MRC cache does not work and RAM training needs to happen on every
boot. To avoid this it may be possible to run ME instead of SPS on
this board, but I tried both the ME image used on the OptiPlex 3050
Micro in libreboot and one from the ASRock C236 WSI and they both hung
at "[INFO ] POST: 0x92" (POSTCODE_FSP_MEMORY_INIT).
The memtest86+ build included with libreboot doesn't work with USB
keyboards and this board doesn't have a PS/2 port, which is annoying.
The files it downloads are not versioned, and they could
change any time. GRUB has no way to deterministically grab
these.
I've removed GRUB's local for grabbing these, instead
mirroring them myself and checking hashes; no hashes seem
to have been provided by the upstream at Translation Project,
so I just used the hashes I had on the files it had, when
I downloaded them.
From now on, I can just re-download these and re-calculate
the hashes as desired, over time, when updating GRUB revisions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I accidentally removed a bunch of links in a previous change,
that isn't pushed yet.
due to gitignore rules, files in config/submodule/ have to be
added manually using -f with the git add command. as a result,
i need to be very careful when making changes, especially
temporary changes.
lbmk wasn't downloading files properly, because upstreams weren't
defined. this patch fixes that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit 2e6f6e2579.
This was a stupid revert. I don't remember why I even did it.
Better to make the releases *not* take up an extra 100MB per
source file, until I actually need these extra files.
This brings these extra changes:
* eaa3b8f0f Bump version to 2.15
* d38d6a1a9 Release 2.14
* 35bfd6c47 build: Add grub-core/tests/crypto_cipher_mode_vectors.h file to EXTRA_DIST
* ac042f3f5 configure: Print a more helpful error if autoconf-archive is not installed
* e37d02158 kern/ieee1275/openfw: Add a check for invalid partition number
* f94eae0f8 grub-mkimage: Do not generate empty SBAT metadata
* 1aa0dd0c0 configure: Defer check for -mcmodel=large until PIC/PIE checks are done
* ff1edd975 util/grub-mkimagexx: Stop generating unaligned appended signatures
* 51ebc6f67 tests: Add functional tests for ecb/cbc helpers
* caaf50b9a osdep/aros/hostdisk: Fix use-after-free bug during MsgPort deletion
* 18f08826f kern/efi/sb: Enable loading GRUB_FILE_TYPE_CRYPTODISK_ENCRYPTION_KEY and GRUB_FILE_TYPE_CRYPTODISK_DETACHED_HEADER
NOTE: This patch was reversed:
* ac042f3f5 configure: Print a more helpful error if autoconf-archive is not installed
Because it quite unhelpfully broke the build.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a user reported that there is just a black screen at bootup
in 26.01 rc1 on these, but txtmode works.
only their x230 broke in corebootfb. their t430 and x200 they
tested worked fine.
txtmode works. this bug didn't affect 25.06, according to this
user.
no harm deleting these for now. i'll test it myself later (the
user isn't being very helpful with reporting) and fix whatever
the problem is.
Signed-off-by: Leah Rowe <leah@libreboot.org>
coreboot updated the fsp file. we know the old one worked,
so no point testing the new one so close to a stable lbmk
release.
i've modified 3rdparty/fsp/ to re-add the old one as another
file, so that other boards are unaffected, and updated the
Kconfig so that the special file is used for x2e n150 only.
more specifically, added a second fsp submodule.
it's a bit dirty, but avoids bloating lbmk.git
Signed-off-by: Leah Rowe <leah@libreboot.org>
during previous re-factoring, i sorted variable initialisations.
that was all well and good, but prior to that, i initialised
the new_mac string to empty at first, and then to
the "xx" letters; the latter made the first initialisation
redundant, but in the re-factoring, I put the blanking of
the string afterward.
this disabled mac address insertion, because the way the script
works is precisely to avoid mac address insertion when the mac
string is empty. this is used when running the "nuke" command.
silly me.
yes, i'm very silly. very very silly. so silly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Since the libgcrypt update in GRUB, which imported
GNU's own Argon2 implementation, other ciphers have
also been introduced.
This patch adds them to lbmk's GRUB build.
Signed-off-by: Leah Rowe <leah@libreboot.org>
by the time i'd done this, i'd realised that seabios only
modified some documentation upstream. the code has not
changed since last update, upstream.
no point scrapping the update now. now we have slightly
better documentation for seabios!
Signed-off-by: Leah Rowe <leah@libreboot.org>
i had a build error before, when trying this absolute
most up to dave revision.
i found that it was this patch:
commit 1a5417f39a0ccefcdd5440f2a67f84d2d2e26960
Author: Nicholas Vinson <nvinson234@gmail.com>
Date: Tue Nov 18 19:38:07 2025 -0500
For now, I just revert it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
see patches. coreboot making changes upstream. these
are used in the meantime.
this prevents build errors. (again, see patches, specifically
the 780 one explains rationale)
Signed-off-by: Leah Rowe <leah@libreboot.org>
During routine build testing, I noticed that the VBT path was
wrong, because this port had been converted into a variant.
This is because of the OptiPlex 5040 port that is under
review on the coreboot Gerrit website.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk uses make-oldconfig before running a build anyway,
so it would have been fine. however, it's best to just
enable it outright.
this change was generated by doing:
./mk -u coreboot t580_vfsp_16mb
which runs make-oldconfig on the configs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is used by the coreboot build system, for tests.
upstream tries system cmocka by default, but we want the
one in 3rdparty to be used.
i've changed the default to 0 (try 3rdparty cmocka). you
can still override this at runtime.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, we get the following from coreboot's build
system, when performin operations in it:
tests/Makefile.mk:31: No system cmocka, build from 3rdparty instead...
However, *we* (Libreboot project) patch coreboot's build system,
so as to not download submodules itself, because lbmk handles
them manually. This is because lbmk's submodule handling has some
extra redundancy features.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i noticed that the enablement patch came first,
before the actual driver. while this functioned
overall, it was obviously flawed in terms of
the resulting git history. the person who sent
the patch previously had 0046- on both patch
names, which meant that alphabetical sorting
caused the enablement patch to be applied
before the driver patch.
furthermore:
it seems that the submitted had manually re-applied
the same Kconfig changes in the enablement patch,
adding their own name - since Kconfig is not
copyrightable anyway, in this specific example, or
otherwise trivial, it's probably fine, but the
original author on the gerrit patch is actually
Matt DeVillier:
https://review.coreboot.org/c/coreboot/+/88490
I have therefore simply re-based by checking out
Matt's patch, on patchset 1.
However, patchset 1 of Matt's patch uses patch
set 16 of:
https://review.coreboot.org/c/coreboot/+/75286
HustlerOne's lbmk merge uses patchset 18:
https://review.coreboot.org/c/coreboot/+/75286/18
The differences between the two can be observed, thus:
https://review.coreboot.org/c/coreboot/+/75286/16..18
It should be clarified that these patches are not
upstreamed yet, but under heavy review on gerrit.
However, testing has revealed that the patch is
mostly stable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it didn't apply. i will soon update the coreboot revisions
ready for Libreboot 25.12
just rebase this patch for now
Signed-off-by: Leah Rowe <leah@libreboot.org>
Disable the sudden EC initiated shutdown on the Sandy Bridge/Ivy Bridge
Dell Latitude laptops as soon as the reaches 87 degrees, allowing the
standard CPU thermal throttling mechanisms to work.
Fixes: https://codeberg.org/libreboot/lbmk/issues/202
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
I intend to merge every Chromebook that Mrchromebox supports,
into Libreboot, ready for the Libreboot 25.12 release. Work
is still ongoing, and several changes need to happen in lbmk.
I started working on it a few weeks ago (today is
14 November 2025 as I push this).
Still TODO:
* Automatically create lbmk coreboot targets, based
on the configs present in MrChromebox git
* Re-work git repository management in lbmk, such that
a list of upstreams is used, instead of a hardcoded
list per configuration; this will allow us to use
different remotes across the same project, even where
they diverge. This would then allow us to use the
MrChromebook repository directly, instead of cherry-picking
patches into upstream coreboot
* The note above about remotes would also mean that we can
use MrChromebox's own edk2 repository directly. All of this
would reduce the burden on lbmk.git
* Support building edk2 payloads, exactly mirroring the
setups used on MrChromebox builds
There are some things that need to be checked first, for
boards that use MMC-based or eMMC-based storage, for the
GRUB and SeaBIOS payloads, also U-Boot, because I will
also be using these.
As such, this current script shall sit in lbmk master, but
it is not yet finished.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is the true fix, replacing the fixes previously
reverted.
the problem with the old fix was that it was a hack,
and could result in the archived backup of a code repo
being the wrong one; the destination was the one for
the main repo, but what if we were cloning the backup?
Signed-off-by: Leah Rowe <leah@libreboot.org>
this fixes a regression in a previous patch, this time
also taking account for the different cache locations.
all of get.sh needs to be purged, and re-written clean.
it looks clean. but it's years of hacks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
where backup links are available, use those as main instead.
this is because of the new XBMK_CACHE_MIRROR variable, which
makes --mirror be used
when performed on review.coreboot.org, this also pulls down
all changes from gerrit code review; the github backups for
example only contain the official branches, but gerrit creates
a new ref per merge request.
a user can still run ./mk -F to force pulling all repos,
including the coreboot.org ones, but use of -f will skip the
coreboot.org ones if the backup links worked and contain the
local commit needed, by a given project used in xbmk.
this patch won't change any real-world behaviour for xbmk
users, but it is done as a courtesy to the coreboot project,
in that it largely avoids a sudden surge in coreboot.org's
traffic if lots of users start doing XBMK_CACHE_MIRROR=y
if XBMK_CACHE_MIRROR is not set, or set to anything other
than y, a regular clone is performed, saving cached sources
to cache/clone/ - otherwise, cache/mirror/ is used.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't hardcode the cache directory, and don't store
remotes anymore. This change retains compatibility
in practice, with the older directory location, because
it's extremely unlikely that newly generated locations
would conflict with old ones.
With this new change, non-mirror git clone caches are
now done twice; one directory per remote, rather than
one directory with two remotes.
This is just inherently much more reliable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Some repositories might use CR-LF line endings. This option
keeps Git from mangling patches when merging.
Repositories that don't do this, such as ALL repositories
currently used by xbmk, will be unaffected by this change.
This is being done in preparation for importing MrChromebox
edk2, as Intel's own edk2 repository on GitHub uses these.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't do one repository for all remotes. Do one *clone* per
remote.
This also means that users no longer download information twice,
in practice, because the backup repository will only be downloaded
if the main one didn't work.
Theoretically, this change is makes the process less efficient, but
in practise it's more reliable now.
We do now use --mirror on the git clone command for caches, but we
already did git pull --all before.
This just ensures that we absolutely have all local code.
NOTE:
The new code isn't used by default. To use it, you must do:
export XBMK_CACHE_MIRROR="y"
Otherwise, the old behaviour will continue to be used. This is
because the new code, while correct, puts more strain on upstream
servers (more code being downloaded), and can result in higher amounts
of disk space being used. The old behaviour wasn't broken, so we'll
also support that method.
TODO: perhaps also have a check in place to re-use both caches,
where available, regardless of XBMK_CACHE_MIRROR?
Signed-off-by: Leah Rowe <leah@libreboot.org>
recent re-factoring lead to certain code lines that
exceeded 79 characters in length.
we like to avoid this, whenever possible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
whatchanged is deprecated, and results in an error
on modern git versions, prompting you to include
the --i-still-use-this argument
what absolute, utter fucking arrogance. i use the
whatchanged feature every fucking day.
i will be complaining to git-scm.com about this.
but that's what we do in libreboot. we adapt.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the way it was used is messy, and a relic of the
old chained command coding style, from before when
i recently loosened that requirement.
the new focus is simple, readable code, regardless
of size.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead of checking if_not_dry_build.
use it here the same way.
yes. shell script macros. it's how i roll.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i added this in an earlier version of the patch, but
for some reason removed it.
this is necessary, or the build system will fail.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I realised that the Dell OptiPlex 3050 Micro has NVRAM available.
Use that backend, and hardcode power_on_after_fail to Disable,
which is already done in cmos.default.
The Lenovo ThinkPad T480 currently has no option table in coreboot,
besides the CBFS one. For this, the CBFS option table has been
enabled, and the build system has been modified to insert
a relevant config for power_on_after_fail.
Nicholas Chin informs me that Kabylake generally has legacy NVRAM,
so enabling it for the T480/T480s should work, but we'll need
to use it in the future anyway; better to just use CBFS now.
I *could* use the CBFS backend on 3050micro as well.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also, the check is -e, not -d, because we
might be operating on a symlink.
it's a bit hacky but this should work.
the previous change (now reverted) broke
re-use of the main cache/ in release work
directories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit e8a3cd8cd0.
We still need this for extracting the CAB files containing
KBC1126 EC firmware.
Signed-off-by: Leah Rowe <leah@libreboot.org>
xbmkdir checks if a directory exists, before running
mkdir, and then still uses -p
i was testing xbmk on arch linux today, and noticed
that it errored out when a directory already exists.
i'm mitigating against buggy or differently behaving
mkdir implementations this way, by wrapping around
it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we need the full fd path to be automatically set. this
patch prevents it from being removed by ./mk -u coreboot
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, ./mk -u screws up the FSP path
we were still using the correct path for downloading
in ./mk inject, and in practise, the file used by
coreboot would have been the same, but without our
hash verification after splitting up the FSP.
that's the main reason we split FSP in lbmk, rather
than relying on coreboot's logic for this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
but do it better. this time, the change won't cause any
behavioural differences.
the reason for the change is we don't want "$@" inside
an eval statement, if such calamity can be avoided.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this reverts change made to this function in:
commit 4f01dc704a
Author: Leah Rowe <leah@libreboot.org>
Date: Sat Oct 4 06:13:15 2025 +0100
xbmk: remove even more eval statements
for some reason, the new code caused sch5545 ec firmware
to never download.
the old code wasn't horribly broken, so just use that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, the clean version can be placed inside the
release tarball.
there is a make clean option in sbase, but we should
not really on this.
the design of xbmk is that a clean src tarball is
created. there must not be build artifications in it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the --status flag seems to be a GNUism
as stated in the previous commit, i import sbase
suckless now, so as to have a consistent implementation
of sha512sum.
this ensures that its output is reliable, when i'm using
the output of this command within backticks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i currently use the output of sha512sum in several
places of xbmk, which is a bit unreliable in case
output changes.
other cases where i use util outputs in variables
are probably reliable, because i'm using mostly
posix utilities in those.
to mitigate this, i now import suckless sbase, which
has a reasonable sha512sum implementation.
*every* binary it builds is being placed in build.list,
because i'll probably start using more of them.
for example, i may start modifying the "date"
implementation, adding the GNU-specific options that
i need as mentioned on init.sh
i'm importing it in util/ because the sha512sum
util is needed for verifying project sources, so
if sbase itself is a "project source", that means
we can into a chicken and egg bootstrapping problem.
this is sbase at revision:
055cc1ae1b3a13c3d8f25af0a4a3316590efcd48
Signed-off-by: Leah Rowe <leah@libreboot.org>
i unrolled these lines earlier, but this line was
incorrect; dl was already handled. it's dl_bkup
that we have to handle here.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the symlink check is what made me use eval, but the
symlink check is not required, since i check every
entry that goes in nuke.list anyway.
not having that symlink check is safer than having
an eval statement on that line.
Signed-off-by: Leah Rowe <leah@libreboot.org>
and add a line break where it is used
now it is essentially a macro of sorts, used in
terms of syntax, to mean the same as:
if [ "$dry" != ":" ]; do
thing
fi
in this case, we say:
$if_not_dry_build \
thing
yes. macros in sh are a thing.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this allows me to remove several eval calls, and the
errors relating to configs can now show exactly which
function they occured in, allowing for easier debugging.
once again, eval should be used sparingly if at all.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i will eventually find a way to remove them all,
while still leaving the code completely clean.
in practise, i never use the contents of a file
for eval and the inputs are carefully checked.
however, over-use of eval is always a bad idea
in shell scripting.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this was sent by bauduser, who messed up the pull
request (number 362). i'm simply merging the
change manually.
once again, i instructed this contributor to
properly learn git vcs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is needed to make pico-serprog compile.
this change is submitted by "bauduser" in lbmk pull
request #362, but the PR was messed up. for such
a trivial change, I simply merged this change
manually, instructing the contributor to properly
learn git vcs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we have the "default" tree, then the "nvme" tree which adds
nvme support.
the "xhci" tree adds xhci patches, *and* nvme patches.
riku suggested that i rename it accordingly, and his advice
was quite correct, indeed wise.
this will reduce confusion for contributors, including *myself*.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use of ./mk -F behaves the same as -f before the
previous commit.
this can be useful, during development when we want
to update revisions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we pull from upstream in cached git repos, before performing
an operation, and we run from the cache, but we do this every
time, even if a local revision exists, defeating the purpose
of the caching; on unreliable/intermittent internet connections,
this can cause a problem.
this also causes us problems with gnulib.git and grub.cfg, which
for *some reason* are really slow, even when doing a pull.
this change improves the efficiency of the build system, during
release builds, on a development repository where we already
have lots of caches.
Signed-off-by: Leah Rowe <leah@libreboot.org>
what this function does will differ wildly,
depending on whether it's a child instance
or a parent instance of xbmk.
break up this function accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this whole check could probably be removed, honestly.
it was only put in place during the debian trixie testing
release cycle, before they finally updated gnat just before
the stable release of trixie came out.
Signed-off-by: Leah Rowe <leah@libreboot.org>
because it's using fspgop init code, not libgfxinit
this is enabled by the previous patch, which now properly
handles seabios payloads when dealing with this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
for all intents and purposes, this functions like libgfxinit
corebootfb, but uses intel fsp's video initialisation instead
of coreboot's native initialisation code
this is currently in use on the x2e n150 mainboard, whose
config is dubiously named "libgfxinit_corebootfb"
now the config can be renamed, and will be, in the next commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
theu current comment is for an old version of the n150
patch, before it was actually merged. the comment has
been adjusted, to match the actual implementation that
was merged.
Signed-off-by: Leah Rowe <leah@libreboot.org>
most implementations of unzip are info-zip
we already compile libarchive for bsdtar, to extract
rar archives in vendor.sh
now we also use bsdunzip
Signed-off-by: Leah Rowe <leah@libreboot.org>
bsdunzip in particular, can be used instead of relying
on the host to provide unzip.
most linux hosts use info-zip as the implementation,
which bsdzip is compatible with.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this lets you skip fptr checks
not currently used on this version, but i want this
patch here so that it can be in the future
Signed-off-by: Leah Rowe <leah@libreboot.org>
mkdst cycles through a bunch of outputted files
when running an extract function, to find the
right file as per defined checksums; if one is
found, it can still show errors for the others,
leading the user to think something is wrong.
remove their fear by removing this benign error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the only practical way to use it is to to use
the non-free version; currently used as a
fallback if unar fails.
however, i'm also going to scrap unar and
use bsdtar instead.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is for bsdtar, which we will use in place
of unar, because unar is not available on all
of the distros, and we had some recent problems
with it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i delete unneeded fsp modules in releases, to cut down
on the tarball size. so, currently, only kabylake fsp
is distributed.
i'm now also allowing alderlake fsp, because riku has
sent a patch adding an alderlake machine to libreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the return is necessary when release=n while doing
release builds, because it prevents a build error
since the given images don't exist in that scenario.
Signed-off-by: Leah Rowe <leah@libreboot.org>
return instead. xbmk's coding style specifically
prohibits anything other than x_ or err from
running "exit".
Signed-off-by: Leah Rowe <leah@libreboot.org>
the following checks on the path mitigates the
lack of error handling in the findpath command
that sets pypath.
this was all thought of when i initially wrote
this code. it's perfectly fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the check for whether a file is present is unnecessary,
because the following cp command would also print the
file name if it doesn't exist, and exit with the same
non-zero status.
let cp do the work.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the previous function name was misleading, because
this tries multiple methods including git and curl.
therefore, this was renamed to match what it dose.
Signed-off-by: Leah Rowe <leah@libreboot.org>
on further inspection, the following check ensures that the
python version number is 3.
if anything went wrong, the possibility alluded to in the
comment wouldn't actually matter in practise.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, it may get created as the root user, disabling
further use of lbmk until manual user intervention.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the new check is still retained, to the extent that
the lock file still contains the TMPDIR string, and
it's checked whether this changed during execution.
however, the current TMPDIR handling is over-engineered
and prevents the re-use of project source caches when
doing release builds; this means that the release builds
happen much more slowly, especially for slow internet
connections.
this change *fixes* that bug. now release builds once
again re-use the main cache/ directory.
Signed-off-by: Leah Rowe <leah@libreboot.org>
be a bit less pedantic about if else clauses. leave the
big ones still with then on separate lines, where else
is specified.
also unroll a few condensed code lines where i missed
a few.
sloccount 2303 in lbmk. that's still only slightly bigger
than libreboot 20260907 which was 2180, and still much
smaller than libreboot 20230625 which was 3322.
this is *without* the condensed codelines, so now the only
thing that's reduced is the overall amount of logic present
in the build system.
and i should clarify that lbmk is presently much more powerful
than both of those two versions (20160907/20230625).
the 2016 one is useful for comparison historically, since that
was the last major version of libreboot prior to the great
second coming of leah in 2021; and the 2023 june release was
basically the last one before the great audits of 2023 to
2025 began.
not to brag (not much anyway), but all of this means that lbmk
is an insanely efficient build system, considering all the
features it has and what it does.
i unrolled the condensed code style in lbmk, making the scripts
a lot easier to read, because i received complainst about the
condensed style previously used; nicholas chin and alper nebi
yasak both told me that it sucked, and riku viitanen had hinted
at that same fact several months prior.
so hopefully now, lbmk is a bit nicer. those and other people
often find it challenging to challenge me because for reason
they assume i'll get upset and fly off the handle, but it's the
opposite. i want constant criticism, so that i know to improve!
Signed-off-by: Leah Rowe <leah@libreboot.org>
i went further than in the previosu commit. in this
commit, i also provide indentation inside subshells,
to make it clearer that soomething is being done
inside a subshell.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is part of a general effort to make lbmk
easier for novices to understand.
more commits to follow (one for every script).
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, running ./mk dependencies as root will
create xbmkwd/ (temporary directories) as root,
which will then prevent non-root instances of lbmk
from being able to make temporary files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is exactly the same as the normal t440p config,
except that cbfs is 4mb instead of 8mb.
this is useful when externally updating libreboot,
or unbricking; it could also be used for lazier
installation, where you only flash the 2nd chip
without doing a disassembly to get at the other one,
if the user didn't care about neutering the ME.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's still outputting to a file, with an error handle
there, but use of x_ on the sha512sum command itself
adds further assurance of reliability.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use the new functionality in err(), whereby a given
function name and arguments can be provided, for
debugging purposes.
something similar was already done in a few places,
and replaced with this unified functionality.
this patch will make xbmk much easier to debug, under
fault conditions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if more than one argument is provided, it is interpreted
as a command, and the command is outputted.
this means that now for example, where you have:
ls -l foo | err "could not list directory"
you could do:
ls -l foo | err "could not list directory" "$@"
this would show all the arguments given to the calling
function that tried to run "ls"
let's say that function was called bar, you might do:
ls -l foo | err "could not list directory" bar "$@"
right now, it's not easy to provide good debug info
where err is used, unless it was called with x_, which
provides the command/arguments that was bugging out.
with this, we now have an easy and readable/maintainable
way to do the same thing everywhere in xbmk.
this will now be done, in a follow-up commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, some files from a previous me.bin scan
might still be there, which could lead to the wrong
me.bin being found.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the newer way handles escaped characters better, and it
can be nested more easily. it's also more readable.
personally, i prefer the old way, because it's more
minimalist, but it occurs to me that a lot of people
nowadays don't know about backticks, but they do know
of the modern way.
to make the code more readable, i have modernised it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
you can still remove it with the -f flag on rm, but
xbmk only does that on exit from the main parent
instance, or after each build stage in release.sh
because of this, the user could still manually override
the lock file; this would cause running instances of lbmk
to restart wrongly as parent instances.
there's no way to fix any of this, but users don't normally
put -f in their rm commands.
however, this is also a preventative bug fix. if a bug
is ever caused in the future, where the lock file is
created erroneously, the write protection will prevent that,
so long as *it* is still done.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this time to source hut.
for some reason, *grub* is slow no matter what repo
provider i host it on??
i tested srht just now, and it seems ok. let's use that.
i'm *paying* for this sourcehut account, so it better be
good!
Signed-off-by: Leah Rowe <leah@libreboot.org>
do away with redundant variable "vendir"
the "appdir" directory is for files extracted from
vendor updates, which are then further processed to
create the real files that we need, such as me.bin
images processed via me_cleaner.
thus, appdir should go in xbtmp.
the appdir currently clutters vendorfiles/, which is
not ideal.
we want it to be that the vendorfiles/ directory only
contains the final firmwares.
Signed-off-by: Leah Rowe <leah@libreboot.org>
e.g. gnupath, xbmkpath
these currently go in XBMK_CACHE/, which is bad
because they're meant to be temporary.
XBMK_CACHE is for permanent files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We currently use GNU-only options in the date command,
when initialising a Git repository.
This isn't a problem in practise, on non-GNU implementations
if not initialising a Git repository, because it's only
used in that situation.
In practise, only those systems with GNU coreutils and libc
are used to compile releases, so this is OK for me at least.
Future portability improvements will correct the issue, and
then this error check can be removed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the release functions in release.sh rely on the
version string *not* being a path containing slashes.
just a single string e.g. "foo", not e.g. "foo/bar"
this is because several checks there make that
assumption. in practise, we always ensure that tags
and such do not contain these characters.
however, someone else working on their own version
of xbmk might not know of this design flaw, so let's
try to correct it in code.
we can add more filtering as designed, in the relevant
function (xbmk_sanitize_version).
Signed-off-by: Leah Rowe <leah@libreboot.org>
XBMK_CACHE is meant for permanent cached files, not
temporarily files.
the temporary release files are copied upon successful
return, to their rightful place under release/
this new change also reduces the chance of race
conditions, if multiple xbmk instances are used; while
not yet supported as a use-case, this is a goal for a
future design change.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we check if the first argument is "./mk" and bail if not,
which forces you to be in the xbmk work directory.
however, this check is flawed because symlinks were still
possible.
this patch prevents a same-named symlink "mk" pointing to
the real mk from being used.
this hardening is necessary, due to several built-in
assumptions inherent within the design of xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
similar to the previous failed patch, which tried to
also generate it each time, but that led to issues.
this version of the same change merely maintains the
current hardcoding logic, while putting it in xbtmp.
that way, it's more robustly cleared upon exit from
the parent instance of xbmk.
this also reduces the chance of race conditions,
since it's in a unique place each time, rather than
going in XBMK_CACHE.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i added a stricter check recently, but this broke
extraction on fresh lbmk clones, tested when doing
a release-build test.
loosen it up again, but only for find_me
Signed-off-by: Leah Rowe <leah@libreboot.org>
this removes the current hackiness, preventing
build errors since xbtmp is now based on xbmkpwd,
which changes when we're in the release dir.
XBMK_RELEASE is still set accordingly, so this
will still work the same way.
this is also cleaner in general.
XBMK_CACHE is still the same, so the release work
directory still re-uses files from the main work
directory, rather than re-creating them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is because when using chained commands at the end
of functions, sometimes you have to explicitly terminate
the line.
the way i do it in this patch is common across the
build system, to mitigate this sh quirk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
and generate them, don't hardcode them - this reduces
the chance of race conditions, which we have seen in
the past and which current execution flow in xbmk even
mitigates in a few places, by doing things in a certain
order.
this change makes the code more robust and easier to
maintain.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we no longer separate them. xbloc was the on-disk
tmp directory, whereas xbtmp used to be in /tmp
which we assumed to be tmpfs (it may not be, but
often is on many workstation setups - and our
documentation recommended doing this).
as mentioned in the previous commit, benchmarking
shows little speed difference using tmpfs /tmp
versus on-disk /tmp, for our purposes at least.
therefore, the handling of tmp files is being
greatly simplified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This way, all operations will be done inside the xbmk
work directory. This is being done, so that I can then
reliably sandybox certain commands in future commits,
for example the "rm" command.
This will also allow me to unify the location of all
temporary files, in future commits. I previously used
the /tmp directory because it's tmpfs-based on many
setups, and this is great for performance. However, in
practise, I never noticed any difference in performance
when benchmarking it (testing /tmp on-disk versus tmpfs).
Signed-off-by: Leah Rowe <leah@libreboot.org>
this lets you change the directory for outputted
release files, versus the default "release" directory.
this code is buggy, because it could let you overwrite
a part of xbmk or worse - and checking for such bad
usage would require a lot more code.
knobs are for nobs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the actual code works fine, but it's quite hacky.
there are times when use of eval is acceptable; this
is not one of those times, but i'd used it in this
instance when i was being a bit crazy about code size
reductions during my audits.
Signed-off-by: Leah Rowe <leah@libreboot.org>
setting a variable in this way will never result in
an error. this is a relic from a prior re-factoring
versus older versions of the code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we need to copy the main lock file, rather than creating
a new, empty one. this is because the new lock file
handling requires it, and the release lock file will
be used during release builds.
Signed-off-by: Leah Rowe <leah@libreboot.org>
set - as soon as possible, for example in the extract_me
function.
we only turn off error handling when certain error-prone
tasks are performed, and mitigations are in place after
these commands run to make sure that the result was valid.
this is because in some cases, we want certain buggy behaviours
to be permitted, with errors handled in a more fine-tuned way,
because sh can sometimes be much stricter depending on the
implementation; otherwise, we almost always rely on -e -u in
most of the build system.
this mainly affects the vendorfile insertion logic.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is a general function that sets variables,
but there are many types of variables to be set.
rather than have all the logic inside this function,
handle it in subfunctions called by xbmk_set_env.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need these anymore, because we now know
whether or not the lock file exists in these cases.
this is because child/parent instance determination
is now done based on the presence of that file, rather
than how TMPDIR is set; and TMPDIR is now set accordingly,
via more robust logic as in previous patching.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it is extremely unlikely to occur, but this patch reduces
the likelihood even further. that unlikely occurance is:
when creating a TMPDIR, it's possible that it was already
created before. this is OK on child instances, where that
is the intended behaviour (unified TMPDIR), but not for
parent instances.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we previously checked whether xbmk was running a child
instance, based on the initialisation of TMPDIR, but
this relied on unreliable string substitutions, which
could not be made inherently reliable. there were also
no checks on whether the given TMPDIR, even if correct,
was a directory or whether it was a symlink; there were
also no checks on whether it changed.
now with this change, child instances are detected by
the presence of the lock file. the parent instance
writes the generated TMPDIR location in that file, and
this is checked again in the child instance, to ensure
that the TMPDIR didn't change; it also errors out if
the TMPDIR doesn't exist or if it is a symlink.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's still not perfect, but now it's unambiguous.
the previous generic check was written based on the
fact that xbmk's main script used to also be called
via several symlinks, which is no longer the case.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use this on the debian dependencies, otherwise it installs
a bunch of extra crap e.g. xorg crap, in some circumstances,
which someone probably won't want when they're in a minimal
chroot or something.
reported by ron nazarov. thank you ron!
Signed-off-by: Leah Rowe <leah@libreboot.org>
for the grep command, we must ensure that errors are
suppressed *BEFORE* outputting to a file. depending
on the sh implementation, the previous code might
have begun outputting to a file before suppressing
errors.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the output to a file also has its own error handling,
but x_ can be used safely to provide additional assurance
that the script will break if an error occurs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
group related operations together, without whitespace.
declare all variables at the start of the function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead, create a file indicating that a given xgcc
target had already been built successfully, within a
given coreboot tree.
this will considerably speed up the building of release
archives, especially when there are a lot of boards.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if e.g. elf/coreboot/default/w500_16mb contains readied
images from before, crossgcc is still being checked.
if you already built all the coreboot images, and wanted
to just modify all the payloads for example, this would
result in a much slower re-build process, because it is
needlessly re-checking crossgcc every time.
by doing it this way, we need up the testing of payloads
quite considerably, during xbmk development.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead of copying to a temp file and then
concatenating with padding back to the main
file, we concatenate and create the temp file,
then move the temp file back to the main file.
this is because cat can be quite error prone,
more so than mv, so this will reduce the chance
of corrupt files being left behind depending
on the context (of course, the latter is often
avoided due to xbmk's design, which emphasises
use of temporary files first).
this matches the same design used in the function
unpad_one_byte, which creates the deconcatenated
output in a temporary file first, moving it back.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The current logic deletes old project files e.g. sources,
but *after* updating the project hash.
This means that if a deletion fails, and the directory
is still there (e.g. src/coreboot/default/) afterward, it's
now a tainted archive, yet the hash has been updated, so
subsequent runs of the build system will cause unknown
errors.
This patch fixes that, by first copying the new hash to
a temporary file. *Then*, deletions are handled, and the
final hash file is updated afterward.
The code is now a bit more bloated as a result, but this will
reduce the risk of tainted sources being handled under fault
conditions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in that case, the previous tree-wide check will cover
it, so the current logic wastes computational time.
this patch therefore somewhat optimises the code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This fixes the following error on ./mk release:
cp: cannot stat 'elf/coreboot/default/d510mo/libgfxinit_txtmode/coreboot.rom': No such file or directory
I recently re-wrote the handling of coreboot images, and
I overlooked this entirely. When a given target specifies
release=n, it has to be skipped, so builds are not done.
The "release" variable is already checked, in mkcoreboottar.
Let's also put it in the other mkhelper functions, to make sure
there are no errors.
Signed-off-by: Leah Rowe <leah@libreboot.org>
T480/T480s patches were dropped since they're included as
part of the upstream code now.
This update brings the following upstream changes:
* 9e41c7cec7 soc/intel/cmn/block/fast_spi: Lock DMA before exiting coreboot
* c1d45ef93b mb/google/trulo/var/kaladin: Update touchpad settings
* f13f980e03 mb/google/trulo/var/kaladin: Add fw_config probe for storage
* 50c39b3a22 mb/google/trulo/var/kaladin: Fix Type C function
* f0d50aa404 commonlib/include/commonlib: Add volatile qualifier
* 3828153ea5 soc/intel/xeon_sp/gnr: Use official microcodes
* a87cbcd3c9 soc/intel/xeon_sp/ibl: Config ACPI base using PMC device
* 480ac15044 util/cbfstool: Prevent overflow when sorting fit table entries
* bf4f08f3b6 mb/hp/snb_ivb_desktops/variants/compaq_8300_elite_sff: early VGA output
* dd19f6bc5a util/cbmem: Extract devmem and common code to separate files
* def945f3ba soc/intel/apollolake: Measure the IBBL, IBB and OBB from the bootblock
* fbb0738272 mb/google/brox/var/lotso: Decrease cpu power limits
* ce88b12420 mb/google/ocelot: Set correct TPM I2C bus for all ocelot model variants
* e050e2fbfc mb/google/ocelot/var/ocelot: Remove irrelevant comment
* b66c8ea3d3 mb/google/ocelot/var/ocelot: Remove Bluetooth Audio offload
* d5d633f607 mb/google/ocelot/var/ocelot: Update variant.c
* 3b069d320c cbfs: Add a function to wait for all CBFS preload operations to complete
* a7710ed8fd Documentation: coding_style: Add *long* to long multi-line comment example
* 19d7104d85 drivers/intel/touch: Use recommended short multi-line comment style
* 451988d015 mb/google/trulo/var/pujjolo: Fix Goodix touchscreen function
* 542e52c126 soc/qualcomm/x1p42100: Optimize memory layout for X1P42100
* 2e47bd50f2 mb/google/trulo/var/pujjocento: Add 6W and 15W DPTF parameters
* 6e4f4538bb soc/intel/{tgl,adl,mtl,ptl}: Default to Software Connection Manager
* 1b8dd662a9 soc/qualcomm/x1p42100: Add PCIE Clock support for x1p42100
* 4d3def7514 soc/mediatek/mt8189: Fix timer reset in BL31 by using time_prepare_v2
* d898653b0e soc/meidatek/mt8196: Extract common timer code for reuse
* d1c096a5b9 src/soc/mt8196: Correct systimer register offset
* edaa67d0c9 mb/google/skywalker: Add thermal init flow in romstage
* 6aec09875b soc/mediatek/mt8189: Add thermal driver
* 5cc4b9e6ce soc/amd/common/cpu/noncar: Add bootblock overlap detection
* 67cd138df9 soc/intel/apollolake: Add missing header in measured_boot.h
* a428481574 mb/google/nissa/var/dirks: Update power limits
* 55ae0d8a37 mb/google/nissa/var/baseboard/nissa: Add power limits functions
* 82163aedc6 soc/amd/common/block/cpu/noncar: Move BSS and DATA out of PT_LOAD
* 6405641647 mb/google/fatcat: Use same mainboard part number for all fatcat variants
* c5613469ae device: Make a note that SeaBIOS doesn't support above 4G MMIO
* ced4c09359 soc/intel/xeon_sp/gnr: Implement get_mmio_high_base_size
* 7100f226ca vc/intel/fsp/fsp2_0/wcl: Add FSP headers for WCL FSP
* 5171098814 drivers/qemu/bochs: Allow building for non-x86 architectures
* d233b6c903 payloads/external/LinuxBoot/Makefile: Fix build prerequisite
* 502d19be89 payloads/external/LinuxBoot/targets/u-root.mk: Add missing prerequisite
* cba0f0b8b9 payloads/external/LinuxBoot: Rename build target
* 43a54e3b1b util/amdfwtool: Add binary parsing
* 85da3954d0 .gitmodules: Ignore changes make by what-jenkins-does
* 397c5fe420 Documentation: Add a mainboard entry for the Lenovo T480/T480s
* 6768586353 Documentation: Add information about the deguard utility
* ad8b738af0 mb/lenovo: Add ThinkPad T480 and ThinkPad T480s
* 96e381766e ec/lenovo: Add support for MEC1653 EC
* 2181b02765 util/smmstoretool: Properly initialise the authenticated variable header
* 3058464263 util/smmstoretool: Add support for creating variable from file contents
* b49f567e45 util/smmstoretool: Ensure that the FVB header isn't too large
* a6fbaa47ea util/smmstoretool: Clarify the `auth_vars` field
* 3698517d82 mb/amd: Use mec152x tool
* 5a0953614b util/amdtools: Add ec_usb_pd_fw
* e63620012c util: Add Microchip EC FW tool
* 0b5ce9d9f0 soc/intel/apollolake: Add support for IFWI Measured Boot
* 289cff3423 soc/intel/apollolake: Load the IBB into CAR
* 2408695dd3 soc/intel/apollolake: Add a loader for the IBB
* 61b66e9a81 soc/intel/apollolake: Add function to clear MCA in Bank 4
* 138402e7ff soc/intel/apollolake: Create IBB, IBBL and OBB
* 61b4e1983c mb/google/fatcat: Update PCH reset power cycle duration to 1 second
* e9af95d5ab soc/intel/pantherlake: Configure FSP UPDs for minimum assertion widths
* 79bd154b49 drivers/genesyslogic/gl9763e: Mask replay timer timeout of AER
* a775bfc2b2 soc/mediatek/mt8189: Specify MTKLIB_PATH for building BL31
* e583b2ffb7 soc/meidatek/mt8196: Extract common thermal code for reuse
* f62734976c mb/dell: Convert E6400 into a variant
* 8d60bf9975 mb/google/fatcat: select MIPI pre-prod if PTL pre-prod SoC is set
* 2f978ecab3 mb/google/fatcat: Choose platforms with pre-prod Panther Lake SoC
* eb1483ba17 soc/mediatek/mt8189: Increase SCP clock frequency from 26MHz to 416MHz
* 9c5557f982 util/abuild: Add --sequential-boards option
* 9e5234feee payloads/external/edk2: Drop our toolchain override
* 8d9e18a122 payloads/edk2: Indicate whether edk2-platforms is available
* 626fd50a94 mb/google/fatcat/var/kinmen: Enable ISH
* e7cefe4f41 soc/mediatek/mt8196: Move srclken_rc related code to common
* e9731f8925 soc/intel/pantherlake: Add configs for pre-production silicon
* 8687b3d108 mb/google/trulo/var/pujjolo: Add ISH firmware config
* 722c9314c7 mb/google/dedede/var/awasuki: Add 2 HYNIX modules to RAM id table
* 6082bd7711 ec/lenovo/h8: Rework invalid temperature reporting
* 621b1061d0 ec/lenovo/h8: Add Kconfig to select use of Thermal Zone 1
* bc116b8797 ec/lenovo/h8: Replace chip regs for BT/WWAN detect with Kconfig options
* d9169ef617 ec/lenovo/pmh7: Add CFR objects for existing options
* 45d9973a6d ec/lenovo/h8: Add CFR objects for existing options
* ce5a1e8a51 mb/google/brox: Create caboc variant
* d745d38393 soc/intel/cmn/block/fast_spi: Add DMA support
* 8e666c367d soc/qualcomm/x1p42100: Update boot critical firmware memory layout
* e35c784847 Doc/gfx/libgfxinit.md: Fix file names in source code references
* 0e682859e7 payloads/external/U-Boot: Upgrade from 2024.07 to v2025.07
* 8b52167a9f arch/x86: Add support for cooperative multitasking on x86_64
* 569b7a8861 Docs/releases: Finalize 25.06 release notes
* 5db8bf0cfa mb/trulo/var/pujjolo: Enable USB3 WWAN device
* e013c9586c mb/trulo/var/pujjolo: Modify mipi camera parameters
* 7b8520ab69 mb/trulo/var/pujjolo: Update fingerprint enable pin status
* f74027d5ae mb/google/nissa/var/craask: Add elan touchscreen support
* 396a883a0c mb/hp/snb_ivb_desktops: Include PS/2 controller ASL code for MS Windows
* 18c067d392 mb/google/fatcat/var/kinmen: Add Synaptics touchpad
* 2f5b384ba5 soc/mediatek/mt8189: Enable EARLY_MMU_INIT to improve boot time
* d5bce8c420 mb/hp: Add HP 260 G1 DM Business PC (Haswell)
* 48c6f66fa4 mb/google/ocelot: Update TPM_TIS_ACPI_INTERRUPT value in Kconfig
* 0660fe50de mb/google/ocelot: Update GPE configuration
* 5b3063802e mb/google/fatcat/var/kinmen: Fix touchscreen IRQ setting
* 6c4e502fdd mb/google/nissa/var/pujjocento: Reduce PL4 to 38W with no battery
* 6e92554ab6 mb/trulo/var/pujjolo: Modify FW_CONFIG for mipi camera
* 4f5f75da34 mb/trulo/var/pujjolo: Correct USB3 Type-A OC pins
* a1dfd39e04 mb/google/fatcat/var/kinmen: Add AUDIO_UNKNOWN and probe for ALC721
* 306544b427 mb/google/fatcat/var/francka: Add AUDIO_UNKNOWN and audio probes
* edf47d44cd mb/google/fatcat/var/fatcat: Disable Audio for invalid Audio FW_CONFIG
* 454079c3bc lib/cbfs: Ensure cache buffer alignment in ramstage
* 0ef670a66a mb/google/ocelot/var/ocelot: Configure FPS related changes
* 6ab37f0e0e mb/google/ocelot/var/ocelot: Add FW_CONFIG for Finger Print
* 3f61df24d5 mb/google/ocelot/var/ocelot: Add FW_CONFIG for Storage
* bb95a26cda mb/google/ocelot/var/ocelot: Add FW_CONFIG for WiFi
* 410b3c697f mb/google/ocelot/var/ocelot: Add FW_CONIG for ISH
* afaf4c3d7b mb/google/brya/variants/pujjolo: Update ISH GPIOs and add ISH firmware name
* f6de6f8933 mb/google/fatcat: Drop redundant SNDW GPIO mapping
* 584fdd6572 soc/mediatek/mt8196: Remove redundant bootblock.c from Makefile.mk
* 24ea6937f2 soc/intel/apollolake: Add the Kconfig options for IFWI Boot Profile
* c68645cd88 util/supermicro: Fix mem leak in get_line_as_int error conditions
* 05396238da libpayload/drivers: Fix mem-leak in cbmem_console error condition
* 1219981177 drivers/emu/qemu: Add a comment about fw_cfg assumptions
* d866e72b3a mb/google/fatcat/var/kinmen: Set CRFP to use GPIO for status
* 4367daae20 drivers/spi: Add option to generate proper PowerResource _STA
* 03c331399c mb/google/nissa/var/craask: Add focaltech touchscreen support
* b3d7c40fb5 mb/siemens/mc_rpl: Remove code for board_id
* 5de16ed1b8 mb/siemens/mc_rpl: Remove unused embedded controller code
* a1067ec6de mb/siemens/mc_rpl: Remove unneeded code to select a VBT name in CBFS
* 463cda84d2 mb/siemens/mc_rpl: Remove unused Type-C data definition
* dcbe591201 mb/siemens/mc_rpl: Use SPD data from HWInfo instead of from CBFS
* 6c059f8af3 IVB mainboards: Drop 1024M option for gfx_uma_size
* 3b61dbaa06 mb/asus/p8z77-m_pro: Remove incorrect gfx_uma_size options
* 2b7115b139 mb/hp/snb_ivb_desktops: Add gfx_uma_size options up to 512MB
* d99769bbde mb/hp/snb_ivb_desktops/variants: enable 4th sata port on tested models
* 95784dbafb mb/google/ocelot/var/ocelot: Add FW_CONFIG for Audio
* f323adb19f soc/mediatek/mt8189: Increase SPI NOR clock rate from 26MHz to 52MHz
* 689af47b52 commonlib: Add pvmfw related timestamps
* f1d06a5ad4 soc/intel/common/block/memory: Provide a way to use SPD data from memory
* 11b1dc0a97 Reapply "util/cbmem: Consolidate CBMEM and coreboot table access"
* 13f1c6118e Documentation: Update cbmem.md with more information
* 07267d19ce arch/x86/postcar_loader: Add comment line for reloc_params assignment
* e94ac6e655 mb/google/nissa/var/pujjocento: Reduce PL4 to 38 W with no battery
* 2eaec1b53a sbom: Fix build with merged bootblock and romstage
* 267f08dafd MAINTAINERS: Add KunYi Chen as maintainer for LattePanda Mu
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit 32dfdfbb01.
The update caused an issue on T480:
Backlight comes on, then off, then on, then off, repeatedly, and
never gets to the payload. Will have to investigate further.
Signed-off-by: Leah Rowe <leah@libreboot.org>
coreboot/default: update t480 patches to set 38
see: https://review.coreboot.org/c/coreboot/+/83274/38
I was previously using:
https://review.coreboot.org/c/coreboot/+/83274/25
Matt DeViller aka MrChromeBox, recently took over the
patch set, tidying up and re-factoring the code so that
it's more suitable for upstream. Several hacky behaviours
were removed, for example the MEC1663 code is now its own
code in coreboot, rather than being bolted onto the H8s code.
Certain T480-specific changes made to global parts of the
coreboot code are now done only on the tree itself.
Mate Kukri has also tested Matt's recent updates. More
testing still needed on Nvidia dGPU models, which never
worked before anyway; Intel GPU models should still work.
Thermas zone handling is also improved. See patch:
https://review.coreboot.org/c/coreboot/+/88415/1https://review.coreboot.org/c/coreboot/+/88416/2
Functionally, this is mostly the same as before. As I said,
Matt has focused on code cleanup, so that the board can be
properly upstreamed. Hopefully this will be merged soon,
in coreboot-main.
Besides this, the following upstream changes were imported:
* 8b52167a9f arch/x86: Add support for cooperative multitasking on x86_64
* 569b7a8861 Docs/releases: Finalize 25.06 release notes
* 5db8bf0cfa mb/trulo/var/pujjolo: Enable USB3 WWAN device
* e013c9586c mb/trulo/var/pujjolo: Modify mipi camera parameters
* 7b8520ab69 mb/trulo/var/pujjolo: Update fingerprint enable pin status
* f74027d5ae mb/google/nissa/var/craask: Add elan touchscreen support
* 396a883a0c mb/hp/snb_ivb_desktops: Include PS/2 controller ASL code for MS Windows
* 18c067d392 mb/google/fatcat/var/kinmen: Add Synaptics touchpad
* 2f5b384ba5 soc/mediatek/mt8189: Enable EARLY_MMU_INIT to improve boot time
* d5bce8c420 mb/hp: Add HP 260 G1 DM Business PC (Haswell)
* 48c6f66fa4 mb/google/ocelot: Update TPM_TIS_ACPI_INTERRUPT value in Kconfig
* 0660fe50de mb/google/ocelot: Update GPE configuration
* 5b3063802e mb/google/fatcat/var/kinmen: Fix touchscreen IRQ setting
* 6c4e502fdd mb/google/nissa/var/pujjocento: Reduce PL4 to 38W with no battery
* 6e92554ab6 mb/trulo/var/pujjolo: Modify FW_CONFIG for mipi camera
* 4f5f75da34 mb/trulo/var/pujjolo: Correct USB3 Type-A OC pins
* a1dfd39e04 mb/google/fatcat/var/kinmen: Add AUDIO_UNKNOWN and probe for ALC721
* 306544b427 mb/google/fatcat/var/francka: Add AUDIO_UNKNOWN and audio probes
* edf47d44cd mb/google/fatcat/var/fatcat: Disable Audio for invalid Audio FW_CONFIG
* 454079c3bc lib/cbfs: Ensure cache buffer alignment in ramstage
* 0ef670a66a mb/google/ocelot/var/ocelot: Configure FPS related changes
* 6ab37f0e0e mb/google/ocelot/var/ocelot: Add FW_CONFIG for Finger Print
* 3f61df24d5 mb/google/ocelot/var/ocelot: Add FW_CONFIG for Storage
* bb95a26cda mb/google/ocelot/var/ocelot: Add FW_CONFIG for WiFi
* 410b3c697f mb/google/ocelot/var/ocelot: Add FW_CONIG for ISH
* afaf4c3d7b mb/google/brya/variants/pujjolo: Update ISH GPIOs and add ISH firmware name
* f6de6f8933 mb/google/fatcat: Drop redundant SNDW GPIO mapping
* 584fdd6572 soc/mediatek/mt8196: Remove redundant bootblock.c from Makefile.mk
* 24ea6937f2 soc/intel/apollolake: Add the Kconfig options for IFWI Boot Profile
* c68645cd88 util/supermicro: Fix mem leak in get_line_as_int error conditions
* 05396238da libpayload/drivers: Fix mem-leak in cbmem_console error condition
* 1219981177 drivers/emu/qemu: Add a comment about fw_cfg assumptions
* d866e72b3a mb/google/fatcat/var/kinmen: Set CRFP to use GPIO for status
* 4367daae20 drivers/spi: Add option to generate proper PowerResource _STA
* 03c331399c mb/google/nissa/var/craask: Add focaltech touchscreen support
* b3d7c40fb5 mb/siemens/mc_rpl: Remove code for board_id
* 5de16ed1b8 mb/siemens/mc_rpl: Remove unused embedded controller code
* a1067ec6de mb/siemens/mc_rpl: Remove unneeded code to select a VBT name in CBFS
* 463cda84d2 mb/siemens/mc_rpl: Remove unused Type-C data definition
* dcbe591201 mb/siemens/mc_rpl: Use SPD data from HWInfo instead of from CBFS
* 6c059f8af3 IVB mainboards: Drop 1024M option for gfx_uma_size
* 3b61dbaa06 mb/asus/p8z77-m_pro: Remove incorrect gfx_uma_size options
* 2b7115b139 mb/hp/snb_ivb_desktops: Add gfx_uma_size options up to 512MB
* d99769bbde mb/hp/snb_ivb_desktops/variants: enable 4th sata port on tested models
* 95784dbafb mb/google/ocelot/var/ocelot: Add FW_CONFIG for Audio
* f323adb19f soc/mediatek/mt8189: Increase SPI NOR clock rate from 26MHz to 52MHz
* 689af47b52 commonlib: Add pvmfw related timestamps
* f1d06a5ad4 soc/intel/common/block/memory: Provide a way to use SPD data from memory
* 11b1dc0a97 Reapply "util/cbmem: Consolidate CBMEM and coreboot table access"
* 13f1c6118e Documentation: Update cbmem.md with more information
* 07267d19ce arch/x86/postcar_loader: Add comment line for reloc_params assignment
* e94ac6e655 mb/google/nissa/var/pujjocento: Reduce PL4 to 38 W with no battery
* 2eaec1b53a sbom: Fix build with merged bootblock and romstage
* 267f08dafd MAINTAINERS: Add KunYi Chen as maintainer for LattePanda Mu
Signed-off-by: Leah Rowe <leah@libreboot.org>
this mitigates buggy video converters e.g. displayport
to hdmi, where sometimes the display doesn't come up.
sometimes you have to probe them twice. this is apparently
what linux does, according to nicholas chin's interpretation.
this is a really quick and dirty patch that worked for
Noisytoot on IRC, tested on their Dell OptiPlex 5050 SFF
which they are porting; the port otherwise works, and this
patch enables them to use their displayport adapter.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This was a problem when I did it before, because individual
target builds weren't automatically re-compiled when needed.
The recent design improvements in lbmk enable this to be
done again.
Cached images in elf/ have no payloads, so they are a liability,
therefore they are padded by one byte to prevent flashing. This
solves the problem that the previous caching had.
With this change, modifying payloads can be tested without
needing to re-build coreboot each time.
The cached coreboot builds are also automatically re-built when
needed, which is another improvement this time, compared to
the last time coreboot builds were cached in this manner.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Detect when a config changes. This is done even if the
entire tree doesn't change.
This is already done per-tree if files change, but
individual project files don't change.
For example, if a grub.cfg changes, the given cached
build for that GRUB tree isn't deleted. Same thing if
a given U-Boot config doesn't change.
This patch fixes a longstanding design flaw of lbmk,
making auto-re-builds more reliable. This complements
another recent change, that deletes all target builds
of a given tree when the tree changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Target builds go inside a common directory for
the given tree now, which gets deleted, thus
deleting all target builds of that given tree.
Therefore, the deletion being removed is redundant.
Signed-off-by: Leah Rowe <leah@libreboot.org>
as opposed to target/
for example:
image the command:
./mk -b u-boot amd64coreboot
This would put the U-Boot binaries here:
elf/u-boot/amd64coreboot/default/
With this change, they now go here:
elf/u-boot/x86_64/amd64coreboot/default/
This solves a problem that existed previously, where
you could modify a given tree in a multi-tree project,
but cached builds for targets branching separately off
of each tree would not be deleted, and thus not re-built.
This accomplishes such a result, without needing to
further check hashes of individual targets.
The latter will still be done, in a future change, because
this change doesn't fix another problem:
If you change a given config, e.g. targetname "foo" which
uses tree "bar", elf/foo/ would not be removed automatically
for re-build.
So this change only deletes individual target builds when
their master tree changes.
Where the target and tree are the same, this also means
elf/tree/target/
for example: seabios/default would create binaries in:
elf/seabios/default/default/
not:
elf/seabios/default/
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's 2019-2025 now, not 2019-2024, because i recently imported
new pcsx-redux upstream changes that go up to June 2025.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i enlarged the BIOS region in a previos commit, but I forgot
to enlarge CBFS. it's the policy of lbmk to enlarge CBFS when
possible, after applying a truncated ME configuration.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Many other changes were imported into the wider pcsx-redux
tree, but we're mainly concerned with the OpenBIOS diffs.
This update brings in the following upstream changes, for
PCSX-Redux OpenBIOS:
* 35de25bb Fixing realloc's edge case.
* b8a9080d OpenBIOS: Annotate sio0/driver.c with enums
* c7cec91e OpenBIOS: Refactor card driver
* 4e42a6b6 Move OpenBIOS SIO to a seperate header and add enums
* a50434c5 Remove OpenBIOS dead sio1 code
* 9c3d3a1e Renaming readAligned to load32Aligned.
* 1b8312e5 [Chores] Format code
* 8b9df484 Simplifying openbios allocation scenario.
* a658a18d Brand new memory allocator.
* ba48f01b Bumped copyright date to 2025
* 64b63a13 Bumped copyright date to 2025
* 3ada28e3 [Chores] Format code
* d25af104 Fixing setjmp/longjmp attributes.
* e51ffafa Assign _bu_init alias to 0x55.
* ae1dd51e Split out the common thread structures to its own file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
There really isn't anything functionally different. However,
this means one less patch is needed in lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
NOTE: gfxterm_menu module removed, because of this
change by upstream:
commit ca2a91f43bf6e1df23a07c295534f871ddf2d401
Author: Glenn Washburn <development@efficientek.com>
Date: Mon May 5 16:11:36 2025 -0500
tests: Disable gfxterm_menu and cmdline_cat tests
This brings in the following changes from upstream:
* a68a7dece loader/i386/pc/linux: Fix resource leak
* de80acf36 loader/efi/linux: Unload previous Linux kernel/initrd before updating kernel size
* 249db11d8 loader/efi/linux: Correctly terminate load_options member
* f3b339af1 loader/efi/linux: Use sizeof() instead of constant
* c2b2e0dcf loader/efi/linux: Use proper type for len variable
* de4e8e2aa loader/efi/linux: Do not pass excessive size for source string
* 8c8f96664 loader/efi/linux: Remove useless assignment
* 8ebf155af include/grub/charset.h: Update documentation
* 2f2ed28d5 Revert "lzma: Make sure we don't dereference past array"
* 2539ede82 tests/util/grub-shell: Correct netboot and file_filter test failure
* 8c2d4e64f normal/charset: Fix underflow and overflow in loop init
* ba8eadde6 dl: Provide a fake grub_dl_set_persistent() and grub_dl_is_persistent() for the emu target
* 409e72ced util/grub-protect: Correct uninit "err" variable
* 5eca564b1 gnulib: Bring back the fix for resolving unused variable issue
* ac1512b87 gnulib: Add patch to allow GRUB w/GCC-15 compile
* db506b3b8 gnulib/regexec: Fix resource leak
* bba7dd736 gnulib/regcomp: Fix resource leak
* 91cb7ff6b tests/tpm2_key_protector_test: Add tests for SHA-384 PCR bank
* 451e227e5 tpm2_key_protector: Dump the PCR bank for key unsealing
* 11caacdb2 util/grub-protect: Fix the hash algorithm of PCR digest
* ce23919ca build: Add new header files to dist to allow building from tar
* e3b15bafd build: Remove extra_deps.lst from EXTRA_DIST
* 40e261b89 lib/LzmaEnc: Validate "len" before subtracting
* 86e8f2c4b osdep/unix/hostdisk: Fix signed integer overflow
* 438f05581 disk/luks2: Add attempting to decrypt message to align with luks and geli modules
* 20e6d0c4a osdep/linux/getroot: Detect DDF container similar to IMSM
* b71bc0f8b fs/fshelp: Avoid possible NULL pointer deference
* 272ff81cb fs/ntfs: Correct possible infinite loops/hangs
* 8c95307a0 fs/ntfs: Correct possible access violations
* 06914b614 fs/ntfs: Correct attribute vs attribute list validation
* 0e1762c8a fs/ntfs: Correct regression with run list calculation
* be303f8c1 lib/envblk: Ignore empty new lines while parsing env files
* 34bd00ee2 fs/zfs: Fix another memory leak in ZFS code
* ca2a91f43 tests: Disable gfxterm_menu and cmdline_cat tests
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in the following changes:
* b686f460 sercon: Fix keycodes for F11 and F12
* b52ca86e docs: Note v1.17.0 release
* a6c8e8bb ahci: Fix hangs due to controller reset
The serial console fix is useful to us, as is the AHCI
fix; the latter was previously mitigated by removing
SeaBIOS's AHCI reset patch.
Upstream realised that the AHCI controllers need to have
a timeout on them when resetting them, because they don't
always react immediately to commands.
This makes the AHCI behaviour more correct, in SeaBIOS.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i did:
ifdtool -f layout.txt ifd.bin
changed layout.txt to say this:
00000000:00000fff fd
00019000:007fffff bios
00001000:00018fff me
00fff000:00000fff gbe
00fff000:00000fff pd
then i did:
ifdtool -n layout.txt ifd.bin -O ifd.bin
this was done to the ifd for hp 3500 pro, based on
the 96KB size of the truncated me.bin via me_cleaner,
when downloading vendor files in lbmk.
it's the policy of libreboot that me.bin should always
be shrunk, and the BIOS region enlarged.
in the original HP 3500 PRO patch submitted, the ME region
was larger, with region boundaries like this:
00000000:00000fff fd
00400000:007fffff bios
00001000:003fffff me
00fff000:00000fff gbe
00fff000:00000fff pd
In the above example, you see that the BIOS region is 4MB.
In the new setup, BIOS is about 7.9MB.
Signed-off-by: Leah Rowe <leah@libreboot.org>
coreboot already unlocks the regions during build, by default,
anyway, and this was present in the submitter's patch.
however, it's also good to unlock the IFD regions. like so:
ifdtool --unlock ifd.bin -O ifd.bin
this has been done, on the ifd for hp pro 3500
Signed-off-by: Leah Rowe <leah@libreboot.org>
ifdtool --altmedisable 1 ifd.bin -O ifd.bin
always remember to do this, when adding a new
ifd to lbmk. i merged the 3500 port anyway, since
the submitted already used me_cleaner anyway, but
setting the HAP bit is also useful. for example, if
someone was to only flash the BIOS region, which is
possible in this case since the submitter also
didn't truncate the ME region or enlarge the BIOS
region.
in that case, flashing IFD and BIOS is another valid
way to do it, where IFD's HAP bit is set
Signed-off-by: Leah Rowe <leah@libreboot.org>
We want graphics cards to work out of the box. This is
why SeaGRUB is default, on desktops; SeaBIOS also has
better code quality and is less likely to break, so it
provides a nice fallback in case the GRUB payload is ever
buggy during development (this decision was made ever
since the botched May 2024 release)
Signed-off-by: Leah Rowe <leah@libreboot.org>
it means nothing here. in context, if a non-zero return
is observed, we should not do anything here, which is
already the behaviour anyway, except that "break" means
nothing since we're not in a loop here.
where an error exit should be observed, x_ is used inside
the command given for fx_
Signed-off-by: Leah Rowe <leah@libreboot.org>
handle errors on sha512sum - also handle awk errors inside
the mini subshell, and provide overall error handling.
we know that the project.hash file should always exist, and
always be read no matter what; technically, the find command
that proceeds it might not yield any results, but an empty
file would then be produced.
the edge case of an empty file would have lead to an error
beforehand, when configuring the project in function,
configure_project(), so we've already got that covered.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when reading old_pjhash, we need to error out where a read
error occurs. such an error is unlikely, but could occur under
certain edge cases.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't do no-op if it fails; fall back to "clean" instead,
and fail if that fails.
The no-op was there was not all projects have distclean,
but we do intend for them all to be cleaned.
We mitigate further error by only running make-clean if
a makefile exists.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't copy the files directly, because we might be doing
this from a work directory that has no files; in this case,
generic "unknown" variables are used, without generating
any files, so the current logic would produce an error.
However, we do need to create those dot files, because
we then rely on them for building release binaries.
The new logic maintains current behaviour, while fixing
this technical edge-case scenario via mitigation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
stick it in git_prep, which both single- and multi-tree
projects will use, when downloading git repositories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The following execution will result in another printf
that says exactly what is being downloaded.
There is no need to inform the user twice about
what is being downloaded.
Signed-off-by: Leah Rowe <leah@libreboot.org>
A git-pull is performed immediately after git-fetch.
Git-pull already performs git-fetch as a prerequisite.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the checks at the end of the function are mostly
superfluous, because bad_checksum() is immediately
called just beforehand, and performs the same checks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current behaviour is a relic from the older lbmk
design, before recent auditing.
the current logic would cause xbmk to continue execution,
going into a child process with .git/ being a symlink.
The .git/ directory should never be a symlink, because
it is extremely error-prone.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We rely on a non-zero exit on other try_ commands, which
works fine there because we then check the file afterward
and error out accordingly.
For git repositories, we assume that both mirrors are
identical and therefore once we get to the first clone
attempt, we assume that it must succeed.
Therefore, if it does not succeed, we must fail. This fixes
a regression I found in testing, where sometimes a failed
patching attempt would not result in an error exit, and
would therefore result in broken sources being present.
In practise, I always very closely watch the terminal when
testing xbmk, especially when updating project patches, so
we probably didn't introduce any broken sources in practice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This code was introduced to provide fault tolerance,
so that if I forgot to manually update the configs
myself, builds would still succeed, e.g. coreboot
builds.
However, there have been cases in the past where this
introduces settings we don't want, and in general we
do want to know when there is an error in the configs.
The policy should always be: fail early, fail hard.
This also mitigates bugs in U-Boot's build system; for
example, when I last attempted to update the U-Boot
tree for x86, make-oldconfig introduced a lot of junk
settings unrelated, which then introduced code that
would brick the board if you tried it on one, e.g.
it broke booting most Linux kernels via bootflow.
With this change, U-Boot will be easier to handle,
which normally requires manual configuration; the
automated make-oldconfig reconfiguration feature
breaks U-Boot. This will no longer occur, since we
no longer run it manually.
On the other hand, this feature has also prevented
other disastrous bugs in the past, such as when I
forgot to properly set the SPD size on T480; it was
set to 256 bytes, not 512 as is correct. Therefore,
this new design change means I must also be more
vigilant about config changes in project trees.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it mainly does general tasks, like handling utils
and enabling ccache. the vfiles are a small part.
rename the function accordingly. it is called by
premake, so let's call it corebootpremake.
this change will also make sense when cherry-picked
into cbmk, which does not handle vfiles at all.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we simply do not need to run the make-oldconfig command
at all, and after removing it, the "cook" function seemed
quite redundant so i merged it with mkvendorfiles()
Signed-off-by: Leah Rowe <leah@libreboot.org>
define it with a single variable, rather than several.
this allows several checks to be greatly simplified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
In practise, coreboot can set this bit at build time.
We also use ME Soft Temporary Disable by default, on
this platform.
We also use me_cleaner by default, so the me.bin file
added to flash only contains the code that would run
with HAP set anyway.
Therefore, this change is of little practical consequence,
but as a friend put it to me, this change is most technically
correct.
And I'm all about technical correctness.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We only need the Kabylake version. We can safely
remove the other ones, thereby significantly
reducing the size of the lbmk release archive.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Right now, if cache/clone/PROJECT/ already exists,
the logic for pulling new changes doesn't execute,
and neither does the logic for updating remotes.
This is bad when updating revisions, because then
manual updating is required, defeating the purpose
of xbmk's own automation in this regard.
Fix it by only checking the cached download on files,
not Git repositories; the try_git function itself will
already perform this check, before updating remotes
and pulling in new commits from upstream.
The updating only happens when a given target directory
doesn't exist, e.g. src/flashprog/ or src/grub/default/,
so this won't slow down release builds for example.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, an "unknown" version number is created.
This regression was caused by the recent optimisation
that reduces the amount of extra work done by init.sh
on child instances of xbmk.
As a result of those changes, now release.sh has to
do some minor initialisation of its own, such as this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also pcsx-redux
this way, commands like "./mk -u" without argument
will not fail. these fake makefile commands do nothing.
otherwise, an error errors because their makefiles
do not define these options.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, ./mk -d (without arguments) fails for GRUB,
which first requires running autoconf to get a Makefile.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in several changes from upstream:
* 73d1c959e cryptocheck: Add --quiet option
* dbc0eb5bd disk/cryptodisk: Wipe the passphrase from memory
* 301b4ef25 disk/cryptodisk: Add the "erase secrets" function
* 23ec4535f docs: Document available crypto disks checks
* 10d778c4b commands/search: Add the diskfilter support
* 7a584fbde disk/diskfilter: Introduce the "cryptocheck" command
* ed691c0e0 commands/search: Introduce the --cryptodisk-only argument
* c448f511e kern/rescue_reader: Block the rescue mode until the CLI authentication
* 4abac0ad5 fs/xfs: Fix large extent counters incompat feature support
This commit is of particular interest:
* dbc0eb5bd disk/cryptodisk: Wipe the passphrase from memory
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit fb7aaa78bb.
it caused a few issues. will re-do later
the old code isn't really broken, just inefficient, because
several files are scanned twice, but in practise the overhead
isn't that great
The error occurs sometimes, when bruteforcing me.bin:
ERROR ./mk: Unhandled error for: mv /home/user/lbmk/tmp/me.bin /home/user/lbmk/cache/tmpdl/check
This revert should fix the issue, for now.
i'm adding characters to 7ztest, which isn't being passed
on through because everything runs in subshells; the next
pass would default back to the original string, so a given
file may be checked multiple times.
fix this by mitigation; use the random string from mktemp
as a suffix instead.
in practice, this has not affected performance much, but it
will nevertheless avoid unnecessary work by xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't skip if the URL is empty. throw an error instead.
i decree that all links must be properly initialised, because
that is the design of lbmk. where only one link is provided,
such as in a local copy operation, the second would succeed no
better than the first so two identical paths are given.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the intent once again is that this for loop shall
return, with zero status, if success is observed.
otherwise, the loop breaks and an error is thrown.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The idea in this function is that if a file or repo is
successfully handled, a return will be performed from the
loop.
If the loop exits for any reason, an error is thrown. The
current code is probably fine, but I can forsee future
modifications possibly causing bugs here.
Make it unambiguous, by always throwing an error if execution
reaches the end of the function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Because of how sh works, having just the [] line causes
sh to exit, annoyingly without an error message, but it
does cause a non-zero exit.
This bug will have already been triggering, before I added
the recent error handling on files for this for loop.
also do it to the other loop in lib.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
I never really intended for this to be configurable,
but the cache directory is also used during release
builds.
There's too much that can go wrong, letting the user
decide where their cache is. Simplify it by hardcoding.
Signed-off-by: Leah Rowe <leah@libreboot.org>
already present on a few other config files, e.g. arch
i noticed on debian-experimental that i needed to explicitly
install it, whereas it was implicitly installed on debian 12
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's just two lines, and we want much more granular
control of where the lock is enforced. it should be
JUST after confirming that the instance is a parent.
it is at this moment that we should bail if a lock
file exists, because this signals that another instance
of xbmk is running.
Signed-off-by: Leah Rowe <leah@libreboot.org>
once again, we are being stricter in child instances.
we must ensure that these variables are set by xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we no longer rely on the .git version being
read by child instances, so we MUST ensure
that it is being read.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't update them on child instances, since it's a waste
of time; the lock file prevents further execution, so we
are just wasting time writing to disk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need to read or write a file at all, in that case.
we only then need to generate one if running ./mk release.
the scenario in which no .git and no version files exist
is when someone grabs the build system from a snapshot
generated by e.g. forgejo instances. it's ill advised, so
we advise against it, but it is mitigated in code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
That way, unnecessary work is avoided on child instances.
Of course, the current check assumes that TMPDIR wasn't
already set by a wily user before running lbmk, but then
those sorts of users probably know what they're doing.
If they don't know, they will soon find out. Therefore, I
have added additional checks on child instances, preventing
the build system from running if XBMK_CACHE is not set; if
it isn't, then that could very easy lead to certain system
files being overwritten.
The user must never know what happens if XBMK_CACHE is unset.
We simply will not allow it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
all this function does now is create the python symlink,
based on work that was already performed in set_pyver
Signed-off-by: Leah Rowe <leah@libreboot.org>
Do it after the creation of xbmkpath.
This avoids performing an unnecessary check, since
PATH will have already been corrected for child
instances; Python will already be correct there.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we mkdir -p xbmklocal, only to remkdir it immediately
afterward, which is the intended behaviour; on parent
instances, xbmklocal is to be re-created fresh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this function now simply creates directories that lbmk
will use, rather than creating specific directories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we must only set this in the parent instance, not
child instances. this prevents the variable from
being over-populated with repeated entries.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, initialisation will not be performed erroneously
while another parent instance of lbmk is running.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is earlier than the current check, thus preventing
the initialisation of a git repository and/or the recreation
of xbmktmp and xbmklocal by erroneous parent executions of lbmk
while another parent is running - the latter of which could have
caused a massively unpredictable build failure, so this is also
a pre-emptive bug fix, fixing all kinds of weird bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i wasn't ok having that variable initialisation and
then the commands on the same line. it looks messy.
having the commands on a separate line makes the code nice
to read, so let's separate them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the user doesn't care where the temporary git repo is
git shows that information anyway, in the git clone command
Signed-off-by: Leah Rowe <leah@libreboot.org>
we really only need it there, because the context is
for release archives. normal use of the git repository
doesn't matter in the context of deletions, because that
will not be distributed. only the result of ./mk release
will be distributed.
the builds produced will not change as a result of this,
for people using the normal git repository, because the
files in question are never used anyway, in our configs.
this is being done to make working on local repos easier.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, ./mk -b (without argument) will fail, on release
archives. also, perhaps i should add an mkhelper to build it?
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is the mkdir call that createsn the directory where
a cached git repository is moved to, during creation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
On release archives, I overlooked the previous change to
downloads, during the recent implementation of extra safety
checks. I previously checked there whether the variable named
CONFIG_KBC1126_FIRMWARE was defined, and grabbed both; now I
check CONFIG_KBC1126_FW1 and CONFIG_KBC1126_FW2 separately,
grabbing each file separately.
This patch replicates that change for insertions. Otherwise,
hash verification on ROM images will fail, when running the
inject script on release images.
Downloading was being done, reliably, and the extracted files
were correct, so there was no danger if the user was building
from source and flashing that way.
However, checksum verification on full images failed when
inserting into archives. This is not because the files were
wrong; they were *correct*. However, the EC firmware was not
being inserted *at all* on HP EliteBooks, because of this
oversight. The check is now based on whether the paths to
the files themselves are defined, not whether EC firmware
is enabled in the coreboot config; the latter is implied.
With this patch, vendor file insertion once again works
perfectly, without error, on every board. There was no real
danger for users, just a minor inconvenience. Sorry!
Signed-off-by: Leah Rowe <leah@libreboot.org>
the exit from mkdst can also be non-zero if mv or cp
failed, but there's no way to handle that reliably.
therefore, the checksum verification should be done
one final time, to compensate.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I currently check the downloaded files e.g. .exe file, but
then I don't check - or even define - sha512sums for the
files extracted from them e.g. me.bin
This patch fixes that. It also caches the hashed files, so
that extraction is faster on a re-run - this makes release
builds go faster, when running ./mk release
If a checksum is not defined, i.e. blank, then a warning is
given, telling you to check a specific directory. This way,
when adding new vendor files, you can add it first without
specifying the checksum, e.g. me.bin checksum. Then you can
manually inspect the files that were extracted, and define it,
then test again.
In a given pkg.cfg for config/vendor, the following variables
are now available for use:
FSPM_bin_hash for fsp m module
FSPS_bin_hash for fsp s module
EC_FW1_hash for KBC1126 EC firmware (1st file)
EC_FW2_hash for KBC1126 EC firmware (2nd file)
ME_bin_hash for me.bin
MRC_bin_hash for mrc.bin (broadwell boards)
REF_bin_hash for refcode (broadwell boards)
SCH5545EC_bin_hash for sch5545 firmware (Dell Precision T1650)
TBFW_bin_hash for Lenovo ThunderBolt firmware (e.g. T480/T480s)
E6400_VGA_bin_hash for Dell E6400 Nvidia VGA ROM
In practise, most people use release archives, and the
inject script, so I knew those were reliable, because the ROM
images were hashed prior to removing files. This patch benefits
people using lbmk.git directly, without using release files,
because now they know they have a valid file e.g. me.bin
Previously, only the download was checked, not the extracted
files, which meant that the only thing preventing a brick was
the code not being buggy. Any number of bugs could pop up in
the future, so this new level of integrity will protect against
such a scenario, and provide early warning prompting bug fixes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in a few places, we use the presence of a file found
by fx_ to cause an exit, but the command that runs
looks something like:
exit 1 "string"
this yields an error, and a non-zero exit, because of
too many arguments to "exit", but we wanted a non-zero
exit anyway.
nevertheless, this is incorrect.
to fix it, eval is used instead. if the never-going-to-exist
condition one day exists where exit 1 actually returns, not,
you know, exits, we will use err instead, with the string
as argument.
this should be fine. it's a bit hacky, but so is fx_, and
it works. fx_ is used in several places to keep the sloccount
down, providing a common way to perform while loops on the
output of a command; that is its only purpose..
Signed-off-by: Leah Rowe <leah@libreboot.org>
more specifically, re-write it so that it can be called with fx_
this means that the single-tree check for nuke.list can be made
much simpler
Signed-off-by: Leah Rowe <leah@libreboot.org>
This way, we can use x_ which will then print the command
that failed, if we need to debug future errors.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I overlooked this in a previous patch. It doesn't really
matter, since we're operating on a file anyway, but it's
not correct.
Files should have rm -f on them, not rm -Rf, for deletion.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We already do what the old code does in setcfg, by
virtue of the fact that the st variable is later
checked, after loading this config conditionally,
where the st variable is otherwise blank.
We can avoid the unnecessary work after loading
the config, by returning if the config is absent.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We are calling xbmkget in the same way, whether it's
a subfile or subrepo.
Rename these variables to subcurl and subgit, so that we
can call xbmkget unconditionally.
Signed-off-by: Leah Rowe <leah@libreboot.org>
they were always re-downloading every time.
i've basically re-written most of xbmkget.
there was some erroneous conditions under which
it wrongly deleted the cached file, resulting in
it being downloaded again.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The result of the printf statement is sorted, making
it do binaries first, which results in a lot of junk
files then being present inside the source archive.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it now handles more than just git, and i forsee
it handling even more in the future, e.g. rsync,
ftp, bittorrent.
Signed-off-by: Leah Rowe <leah@libreboot.org>
And this time it works.
I'm now calling xbmkget() which in turn calls tmpclone(),
instead of me calling tmpclone() directly.
The git-pull is done on both remotes, regardless of whether
the first succeeds. This way, if I forgot to update a mirror,
downloads would probably still work.
This also fixes an issue people were having, for example where
the gnulib repository of GRUB was always being downloaded
every time.
I'm using a new directory, XBMK_CACHE/clone, instead
of XBMK_CACHE/repo (which I used before), in case people
still have the old caches from before.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't move to the real directory until the work
is done.
that way, a re-try can be done, while analysing
the old files. it is created based on the tmpdir,
under XBMK_CACHE/
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't need to call it from git.sh, because it's
only being done when building a release anyway,
and we already run rmgit when doing a release.
The function itself is only two simple fx_ calls,
so we can just do that from build_release().
Signed-off-by: Leah Rowe <leah@libreboot.org>
in cbmk, it's only used from there.
in lbmk, it's also used from vendor.sh.
however, i plan to further expand git.sh at
some point, tidying it up so that git cloning
is also done from xbmkget, with dlop=git and
git.sh would then be renamed to get.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
group the cbfs command to the extract command, since they
are related. this makes it clearer that the following
command to extract refcode is unrelated.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it was too complicated. most of the logic has been moved
to a new function, try_file()
the for loop is handled by xbmkget(), whereas each try
is now handled in try_file()
Signed-off-by: Leah Rowe <leah@libreboot.org>
split the actual bootstrapping to getvfile()
setvfile only sets the config, but then it will
call getvfile() to act on that config.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i moved out more code to vendor.sh, to reduce the
amount of lbmk-only code on inject.sh
this should reduce the number of merge conflicts
even further, when cherry picking from lbmk to cbmk.
in particular, vendor file insertion is now handled
entirely through the "setvfile" function, instead
of from inject.sh, which seems counterintuitive,
but remember that inject.sh also does MAC addresses.
therefore, the inject.sh script is now primarily for
inserting MAC addresses, and handles vendor downloads
in a slightly more convoluted way, but still easy
enough to understand if you read it a bit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, we create empty directories where build.list
doesn't exist, like on coreboot.
we already create a directory when needed, when actually
copying elf files, so let's just leave it at that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
to the extent feasible, keep lbmk-specific parts on
inject.sh to a minimum. this will later be used to
re-sync cbmk's inject.sh with lbmk's, because cbmk's
one doesn't handle vendor files.
the way this is designed now, with this patch, will
make cherry-picking lbmk to cbmk easier in the future,
when keeping this part of cbmk in sync with lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
generally go for a more linear function order, and
split up any functions.
the objective is to have functions only suitable to
libreboot be separate. more splitting will be done,
and eventually the vendor-download functions will be
split into a new file, as will several other functions.
this is being done as part of an effort to bring the
libreboot and canoeboot versions of inject.sh in sync,
so that from now on, cherry picking between the two
projects will produce fewer merge conflicts and require
a lesser amount of post-merge maintenance.
some other minor cleanup has also been done; for example,
the "need_files" variable is redundant and was removed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
many places in lbmk used err, because older versions
of x_ did not handle globbing properly.
however, use of x_ is preferable on trivial commands.
the only time err() should be called is what it has
to be, when x_ can't work, or when a more useful error
message is needed, for context.
Signed-off-by: Leah Rowe <leah@libreboot.org>
that way, the Intel GbE device can be enabled there,
and only then would the refcode file be copied.
otherwise, the current behaviour would leave buggy
refcode in place, if the dd command failed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use of the e function would slow down execution,
and it's mostly unnecessary in this case.
the e function is only needed if we want to confirm
via user message that a file exists. that is not
needed here.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current test allows a further extraction after
running mecleaner, even if me.bin was found.
further, any recursive calls that exit non-ze
don't lot the loop acthually stop, unless we
subshell that too, otherwise fx_ is returned to
return 0 when a given command it runs returns 1,
or more specifically: the for loop in x_ breaks.
this is by design, and there's not much that can
be done, but this patch should pseed up extraction
a little bit, when dealing with intel me files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
that way, with set -u -e, we aren't risking some
buggy sh implementations from causing an error exit
where it shouldn't.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The idea with mk is that it's meant to basically be a
stub for running everything else, while mainly having
the trees logic within it (what was once script/trees).
Signed-off-by: Leah Rowe <leah@libreboot.org>
similar to the last patch, we must ensure that the
inability to patch will cause a hard exit, regardless
of any redundancy we have for cloning.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We allow a re-try when cloning fails, to account
for redundancy, but resetfail currently doesn't
cause any error exit at all.
This patch mitigates that bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, if it doesn't exist, the current check will
wrongly exit with error status, preventing you from
running the build system at all!
Signed-off-by: Leah Rowe <leah@libreboot.org>
We used cbfstool from coreboot 4.13, because it was the
last version to work with the particular format used
for stage files, before the CBFS standard changed in newer
releases of cbfstool.
When I added this board to Libreboot, it was source-only at
first so it didn't matter. I didn't want to do a standalone
cbfstool binary, in case some people decided to use that one
on newer boards, which would cause all sorts of issues.
So I bodged it and just included an import of coreboot 4.13.
Well, the cbfstool from coreboot 4.11, as used for FAM15H
AMD boards, is compatible. I checked the code diff between
the two, and there is no meaningful difference.
I've tested this, and it works, since the last release or
two now includes 820 G2 images, so I was able to use those
with ./mk inject, to verify whether the refcode file is
still grabbed properly. We need the refcode to handle MRC
on Broadwell platform, but we extract it from an old Google
Chromebook image, that uses the old CBFS stage file layout.
This change solves my problem: the problem was that releases
are bloated further, due to including this extra coreboot
version. This should reduce the size of the next release
considerably, especially after decompressing the tarball.
Signed-off-by: Leah Rowe <leah@libreboot.org>
right now, we assume "find", but it adds any number of
arguments next to that.
change it instead to support any command, where the
assumption is that it would generate a list of files
and directories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i used i instead of 1, in the variable when running
the extract_archive function.
this didn't trigger since +u was set, and +e was set.
in practise, then, it seems that because of this, and
because my ME extract/insert test was a success, that
none of the archives we use actually have a ME inside
of a file inside of a given downloaded archive.
still, this is technically incorrect, so fix it!
Signed-off-by: Leah Rowe <leah@libreboot.org>
the call stack already falls through with a bunch of return
1s after a successful run of me_cleaner, so it's really not
necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Generated by find, this is a wrapper in place of using
for loops everywhere. This simplification temporarily
increases the amount of code, because we don't do this
a lot, but this will reduce the growth of the build
system code size in future changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't need the copy command at all, since the files
it copies are the only ones that the Python script does
anyway, so now we just make that script output to the
directory, directly, where these files must go.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Use fe_ with a new function, scankconfig, to do the
same thing. Not only is this simpler, it now also
operates on all coreboot configs for a given target,
whereas it previously only operated on the first one.
This is useful for cases where one config might use a
file that the other one does not; in practise, we don't
do this yet, but it's a theoretical possibility
Also: don't use the function check_defconfig, which is
now redundant and has been removed.
That function also conflicted with another function by
the same name in mk, but fortunately didn't cause an
issue in practise, due to how sh works; when vendor.sh
was used, it was without running the tree commands,
except under a separate lbmk instance.
So this is a simplification, a feature enhancement and
even a bug fix, all wrapped into one!
Signed-off-by: Leah Rowe <leah@libreboot.org>
It's completely unnecessary, and I forsee this
check breaking the build system at some point,
since some commands rely on the output of other
commands. Therefore, I've removed this check.
Signed-off-by: Leah Rowe <leah@libreboot.org>
fe_ returns an error on the find command, but we rely
on the only error ever being our intentional exit, upon
discovering files.
in singletree, the directory being checked was already
checked first, so we know it's safe not to err on find;
and find not reporting an error if no files are found is
ok.
on elfcheck, it's very much the same thing. In fact, we
very much want it to return 0 if the directory doesn't
exist, or if files don't exist within it.
Therefore, use fx_ which is designed for this use-case.
Quick re-cap: fx and fe execute a given function name with
each line outputting by find as an argument, each time. It
is somewhat similar in scope to find's -exec command.
We use fe_ as shorthand in several places all over lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't insert special files like GRUB keymaps after
copying to the final destination.
Instead, copy the tmprom to /tmp and operate on that,
in these instances.
This is less efficient, depending on the user's
configuration; if /tmp is on the same file system as
the user's xbmkpwd, it should be fine. However, the
actual performance hit isn't that bad in practise,
on most setups.
If the user's /tmp is a tmpfs, then that means using
tmpfs, but it's one image at a time. It should be OK.
Signed-off-by: Leah Rowe <leah@libreboot.org>
"not seauboot" is a valid check at present, but if
i start supporting other arguments in the future,
this code would have to change.
therefore, i change it in advance, on that theory.
this new check is more technically correct. these
lines are triggered when inserting grub keymaps.
Signed-off-by: Leah Rowe <leah@libreboot.org>
See, coreboot bug report:
https://ticket.coreboot.org/issues/590
We hadn't noticed this for quite a while, since we always
just booted with iomem=relaxed when needing to run cbmem,
since in practise it was always combined with other tasks
that require access to lower memory.
GRUB currently matches coreboot's own mmap for cbmem, but
for example SeaBIOS marks cbmem as E820 reserved. Therefore,
this change replicates the SeaBIOS behaviour.
Without this patch, Linux needs to boot with iomem=relaxed
for cbmem access, for example when running ./cbmem -1
With this patch, cbmem is now accessible regardless. This
patch also prevents Linux from overwriting parts of CBMEM.
Thanks go to Paul Menzel, who wrote this GRUB patch.
Thanks also go to Nicholas Chin, who provided testing, all
the way from Coreboot 25.03 back to Coreboot 4.20. It seems
that this is just something the payloads have to handle.
This means that both SeaBIOS and GRUB no longer have this
bug, in Libreboot; now what remains is to replicate the
test with our U-Boot payload.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Some parts of lbmk set +u +e, to be reset later on
under normal conditions upon exit. We must ensure
such level of integrity in err() as well.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Rely once again on err_, but still explicitly add an exit
just below, in case I made a mistake one day.
err() is essentially a trap that triggers in case I mess
up an error function, so that it doesn't reliably exit.
So, the idea is that everything calls err(), and err() is
almost never modified, or modified very carefully.
If error exits were ever broken, the result could be quite
unpredictable, so lbmk has very strict error handling, and
great care is taken to ensure that it does reliably exit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
make the command style more consistent, for example
relying on x_ inside a subshell to print the command
and arguments if a command failed.
this is a good style, and i'll probably use it in other
places on lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't directly call a variable. Call a function that
checks the variable instead.
The new err function also checks whether an exit was
actually done, and exits 1 if not.
If an exit was done by the given function, but the exit
was zero, this is also corrected to perform an exit 1.
This fixes a longstanding design flaw of lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Always certainly redundant, since if -u -e isn't
set, it'll continue to exit anyway.
However, we want to be pedantic about this, since
the safety of lbmk relies entirely on this function
NOT misbehaving.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it could be that some were left over before, for some
reason. that isn't currently the case, but this will
avoid the possibility in future.
therefore, this is a preemptive bug fix.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the initial checks are unnecessary, since i always know
what arguments are being provided.
the -f check in the for loop is now an -x instead, more
efficient and complete.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we know that _dest is always what's set in the coreboot config,
without the ../../../ in it, so just copy both files in a single
function, and call the function twice.
if both files are done on the first call, the second call will
be skipped. if only the first file was done on the first call,
running the download script again will skip the first one, and
grab the second one.
this also avoids having to run the decat function twice, in most
cases, so it's a tiny optimisation.
this optimisation only works if both fsp files (s and m) are to
be extracted into the same directory, which is the case anyway,
and this will always be the case.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't copy it until it has been padded properly.
Otherwise, erroneous padding would result in an error,
and who knows what would be left in vendorfiles/ ?
Signed-off-by: Leah Rowe <leah@libreboot.org>
If we're in a release work directory, TMPDIR is already
set, so the local ./tmp won't be created, which would
lead to an error.
Fix it by creating xbmklocal before checking TMPDIR.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this silences confusing error messages that the user
sees on the screen, that are actually benign, and it
will thus reduce the number of people who ask questions
on #libreboot irc
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's not a lot of code, and takes less than a second.
the previous change uses x instead of ?, but this would
cause an error if the nvmutil was already built, because
the makefile might cause a build to be skipped.
therefore, force a re-build to mitigate the error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
A user reported that '?' causes an error on zsh. See:
https://codeberg.org/libreboot/lbmk/issues/261
For example:
./mk inject libreboot-XXXXXX.tar.xz setmac ??:??:??:??:??:??
The user got:
zsh: no matches found: ??:??:??:??:??:??
The mitigation here is to double-quote, e.g.:
./mk inject libreboot-XXXXXX.tar.xz setmac "??:??:??:??:??:??"
However, a lot of people won't do that. Therefore, I will
retain the current behaviour but support x/X for randomness.
Now lbmk uses x by default, instead. I will now update the
documentation, accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
not to be confused with /tmp
we use ./tmp inside the lbmk work directory, for large files,
because /tmp might not be very big, or might be a tmpfs
Signed-off-by: Leah Rowe <leah@libreboot.org>
In the mk script, we need fx_ to not return errors on the
find command, since it's searching a bunch of directories
where some of them may not exist.
All other instances where fx_ is used, must return an error
if the directory being searched doesn't exist.
For this, fe_() is introduced, which does the same as fx_
but with this much stricter check.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We have a lot of places in lbmk where the output of find is
used, and then some function is executed on the result.
This is messy, and bloats several of these functions.
Now this is unified, into a new function: fx_
What fx_ does is execute a given function, for each result
found, with the arguments for a find command appended.
For example:
find -name ".git"
If you wanted to do: foo "$arg"
Where "arg" is a search result from find, and you wanted
to execute "foo" on each one, you would do:
fx_ foo -name ".git"
The find utility does have an -exec feature, but I've found
that it only works for executables, not functions.
fx_ does not return errors, so "foo" in this example
would have to do its own error handling.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is similar to the 9020SFF, but this board has ECC support.
However, the native raminit isn't used here, even though it is
otherwise compatible, because the native init doesn't do ECC yet.
The broadwell mrc.bin has ECC support, which is also used on the
HP EliteBook 820 G2. The MRC for broadwell can be used on haswell
boards such as the T1700.
Add both the SFF and MT variants. Since these are identical to the
9020 variants, except for slightly different PCH enabling ECC, we
can just re-use the 9020 port without issue.
We *could* add a variant to coreboot, for T1700, but there is not
really any pressing need. It is simply the 9020sff/mt with mrc.bin
Signed-off-by: Leah Rowe <leah@libreboot.org>
remove it from mkhelper files, because rom.sh doesn't
initialise any variables globally, except one that
never changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Do it just after creating the src archive. This way,
everything is downloaded all at once.
Otherwise, a momentary lapse of internet uptime will
cause a release build to fail later on, and one of
lbmk's flaws is that this would then mean you must
re-build from scratch.
If we assume that the internet is working within a
short period of time, then this change would mitigate
that possibility. If something did happen during tar
archive creation, that's a much shorter amount of time
that is "wasted".
Signed-off-by: Leah Rowe <leah@libreboot.org>
these functions make more sense in lib.sh
i made mk link lib.sh first, so that the
functions on init.sh can still use them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I fixed the AHCI bug, with a patch that I wrote. It works by
restoring the old SeaBIOS AHCI initialisation behaviour, whereby
the AHCI controller is enabled from its current state; the patch
that broke AHCI in coreboot (tested on ThinkPad T420), changed
AHCI initialisation behaviour so that the controller's state is
first reset, prior to enablement.
However, my patch also retains the new AHCI initialisation
behaviour, when a CSM is in use. The AHCI reset patch was done,
by the author, specifically for SeaBIOS in CSM mode, so it makes
sense to only change the behaviour conditionally according to that.
This reverts commit 8245f0b321.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit a08b8d94fc.
From #libreboot IRC today:
07:02 <irys> ooh this is fun. seabios commit 8863cbbd15a73b03153553c562f5b1fb939ad4d7 (ahci: add controller reset) breaks ahci entirely on t420
07:05 <irys> cbmem console on that seabios commit has a timeout then "AHCI/0: device not ready"
07:07 <irys> AHCI works fine if i change config/seabios/default/target.cfg to use the immediate previous seabios commit (df9dd418b3b0e586cb208125094620fc7f90f23d)
07:07 <irys> works in grub payload either way though
07:31 <irys> here, `cbmem -c` after booting the broken rev: https://0x0.st/84oQ.log
07:31 <irys> compared to the working one https://0x0.st/84o1.log
07:33 <irys> i can't report to upstream myself *right now* but i figure you might want to know about this leah
I have downloaded those logs locally for reference, so that an upstream
report can be made to SeaBIOS. For the purposes of this Libreboot commit,
the diff of the logs is as follows (diff -u broken.log working.log):
Taking each diff line out of the log, the relevant entries
seem to be:
Searching bootorder for: /pci@i0cf8/*@1f,2/drive@0/disk@0
+AHCI/0: Set transfer mode to UDMA-6
+Searching bios-geometry for: /pci@i0cf8/*@1f,2/drive@0/disk@0
+AHCI/0: registering: "AHCI/0: Netac SSD 128GB ATA-11 Hard-Disk (119 GiBytes)"
-WARNING - Timeout at ahci_port_setup:477!
-AHCI/0: device not ready (tf 0x80)
-All threads complete.
-2. Payload [memtest]
+2. AHCI/0: Netac SSD 128GB ATA-11 Hard-Disk (119 GiBytes)
+3. Payload [memtest]
-Space available for UMB: c7000-eb800, f5880-f5ff0
-Returned 16777216 bytes of ZoneHigh
+drive 0x000f5fa0: PCHS=16383/16/63 translation=lba LCHS=1024/255/63 s=250069680
+Space available for UMB: c7000-eb800, f5880-f5fa0
+Returned 16773120 bytes of ZoneHigh
Therefore, the revision will be reverted back for now. It was
only about 8 additional patches imported in the update anyway.
src/rp2_common/boot_stage2/boot2_w25x10cl.S:142: Error: junk at end of line, first unrecognized character is `0'
src/rp2_common/boot_stage2/boot2_w25x10cl.S:145: Error: garbage following instruction -- `beq 00b'
This should also fix it on Debian sid Experimental, where I'm testing
with GCC 15 and other bleeding edge dependencies.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i forgot to in the last commit, but it didn't matter because
it just meant that coreboot.git's own download logic kicked
in as a fallback. however, it's better to rely on libreboot's
build system for this, since it has redundancy.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this fixed kgpe-d16 build errors on gcc 15 when tested
on debian sid (with gcc-15 installed from experimental)
Signed-off-by: Leah Rowe <leah@libreboot.org>
Many users report bugs, so I'm reverting lbmk back to only
supporting the rp2040 dongles for the time being. The
documentation will be updated to reflect this.
Pico2 support will be re-added at a later date, once more
testing has been done, and fixes made if necessary.
This brings in the following improvements from upstream:
* 9029a010 kconfig: fix the check-lxdialog.sh to work with gcc 14+
* 8863cbbd ahci: add controller reset
* df9dd418 update pci_pad_mem64 handling
* a4fc1845 add romfile_loadbool()
* a2725e28 drop acpi tables and hex includes
* 35aa9a72 drop obsolete acpi table code
* 1b598a1d usb-hid: Support multiple USB HID devices by storing them in a linked list
Signed-off-by: Leah Rowe <leah@libreboot.org>
the fix in the previous revision wasn't being applied
properly, because the build system of gmp generates
a conftest.c file, and the entry being made for it was
actually coming from this place in the configure file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
gcc 15 defaults to -std=c23, but the older gcc was
using -std=c17. The new c23 breaks GMP, so let's add
a patch from upstream (GMP project) to fix it.
this has been done to both coreboot trees.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Building the fam15h tree results in one of the same nonstring errors
we also had when building the default tree. Copy the relevant patch from
the default tree, while dropping a hunk that we don't need in this old
version.
Another build error is about bool being a reserved keyword now:
.../lbmk/src/coreboot/fam15h/util/romcc/romcc.c:7140:13: error: 'bool' cannot be used here
7140 | static void bool(struct compile_state *state, struct triple *def)
| ^~~~
.../lbmk/src/coreboot/fam15h/util/romcc/romcc.c:7140:13: note: 'bool' is a keyword with '-std=c23' onwards
.../lbmk/src/coreboot/fam15h/util/romcc/romcc.c:7140:18: error: expected identifier or '(' before 'struct'
7140 | static void bool(struct compile_state *state, struct triple *def)
| ^~~~~~
.../lbmk/src/coreboot/fam15h/util/romcc/romcc.c: In function 'mkcond_expr':
.../lbmk/src/coreboot/fam15h/util/romcc/romcc.c:7708:19: error: expected ')' before ',' token
7708 | bool(state, test);
| ^
| )
[...]
Fix that by adding a patch that renames the function to bool_().
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Building coreboot host tools with GCC 15 results in build errors:
In file included from .../lbmk/src/coreboot/default/util/cbfstool/console/console.h:7,
from .../lbmk/src/coreboot/default/src/commonlib/fsp_relocate.c:3:
.../lbmk/src/coreboot/default/src/commonlib/include/commonlib/loglevel.h:170:26: error: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (6 chars into 5 available) [-Werror=unterminated-string-initialization]
170 | [BIOS_EMERG] = "EMERG",
| ^~~~~~~
.../lbmk/src/coreboot/default/src/commonlib/include/commonlib/loglevel.h:171:26: error: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (6 chars into 5 available) [-Werror=unterminated-string-initialization]
171 | [BIOS_ALERT] = "ALERT",
| ^~~~~~~
[...]
../cbfstool/common.c: In function 'bintohex':
../cbfstool/common.c:195:43: error: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (17 chars into 16 available) [-Werror=unterminated-string-initialization]
195 | static const char translate[16] = "0123456789abcdef";
| ^~~~~~~~~~~~~~~~~~
Add a patch that marks the latter with the "nonstring" attribute, and
disable the warning for the former because I couldn't figure out how to
add that attribute there.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The Debian package for libusb is "libusb-1.0-0". Fix the typo in the
list which is missing the suffix. While we're here, also fix a line
continuation.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
One of our SeaBIOS patches causes build errors with GCC 15:
src/romfile.c: In function 'romfile_loadfile_g':
src/romfile.c:65:18: error: too many arguments to function 'malloc_fn'; expected 0, have 1
65 | char *data = malloc_fn(filesize+add_len);
| ^~~~~~~~~ ~~~~~~~~~~~~~~~~
src/romfile.c: In function 'romfile_loadfile':
src/romfile.c:88:50: error: passing argument 3 of 'romfile_loadfile_g' from incompatible pointer type [-Wincompatible-pointer-types]
88 | char *data = romfile_loadfile_g(name, psize, &malloc_tmphigh, 1);
| ^~~~~~~~~~~~~~~
| |
| void * (*)(u32) {aka void * (*)(unsigned int)}
src/romfile.c:55:28: note: expected 'void * (*)(void)' but argument is of type 'void * (*)(u32)' {aka 'void * (*)(unsigned int)'}
55 | void *(*malloc_fn)(), int add_len)
| ~~~~~~~~^~~~~~~~~~~~
In file included from src/romfile.c:8:
src/malloc.h:42:21: note: 'malloc_tmphigh' declared here
42 | static inline void *malloc_tmphigh(u32 size) {
| ^~~~~~~~~~~~~~
make: *** [Makefile:142: out/src/romfile.o] Error 1
make: *** Waiting for unfinished jobs....
src/optionroms.c: In function 'vgarom_setup':
src/optionroms.c:468:60: error: passing argument 3 of 'romfile_loadfile_g' from incompatible pointer type [-Wincompatible-pointer-types]
468 | void *mxm_sis = romfile_loadfile_g("mxm-30-sis", NULL, &malloc_low, 0);
| ^~~~~~~~~~~
| |
| void * (*)(u32) {aka void * (*)(unsigned int)}
In file included from src/optionroms.c:18:
src/romfile.h:17:34: note: expected 'void * (*)(void)' but argument is of type 'void * (*)(u32)' {aka 'void * (*)(unsigned int)'}
17 | void *(*malloc_fn)(), int add_len);
| ~~~~~~~~^~~~~~~~~~~~
In file included from src/optionroms.c:16:
src/malloc.h:30:21: note: 'malloc_low' declared here
30 | static inline void *malloc_low(u32 size) {
| ^~~~~~~~~~
make: *** [Makefile:141: out/src/optionroms.o] Error 1
make: Leaving directory '/tmp/lbmk/src/seabios/default'
This is because the function pointer defined as `void *(*malloc_fn)()`
refers to a function that takes no arguments, unlike `malloc_tmphigh`
which takes an unsigned int. Add the missing argument type.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Recently, gru boards were migrated to use common stack addresses with
U-Boot commit 5e7cd8a11995 ("rockchip: Use common bss and stack
addresses on RK3399") and commit 49f8131e5594 ("rockchip: rk3399-gru:
Use TPL with common bss and stack addresses"). This is done with the
ROCKCHIP_COMMON_STACK_ADDR config.
With POSITION_INDEPENDENT, INIT_SP_RELATIVE defaults to enabled as well.
However, ROCKCHIP_COMMON_STACK_ADDR selects HAS_CUSTOM_SYS_INIT_SP_ADDR,
which depends on INIT_SP_RELATIVE being disabled. So this results in a
configuration warning:
WARNING: unmet direct dependencies detected for HAS_CUSTOM_SYS_INIT_SP_ADDR
Depends on [n]: ARM [=y] && ARCH_KIRKWOOD [=n] || ARC [=n] || ARM [=y] && !INIT_SP_RELATIVE [=y] || MIPS [=n] || PPC [=n] || RISCV [=n]
Selected by [y]:
- ROCKCHIP_COMMON_STACK_ADDR [=y] && ARM [=y] && ARCH_ROCKCHIP [=y] && SPL_SHARES_INIT_SP_ADDR [=y]
I'm not sure if adhering to the Rockchip values means we can't be
position-independent. Disabling INIT_SP_RELATIVE still appears to keep
my kevin board working, so let's do that for now.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Apply our preserved changes to the new U-Boot defconfigs. Upstream
rearranged memory layouts for Rockchip boards to a unified layout, which
got rid of CUSTOM_SYS_INIT_SP_ADDR and HAS_CUSTOM_SYS_INIT_SP_ADDR, and
will need a change to a related INIT_SP_RELATIVE later.
Normalize the positions of each line in the config by regenerating the
defconfig by `./mk -l u-boot` and then `./mk -s u-boot`, so that the
diff looks all green when we actually expand it to the full config.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Set the U-Boot revision to the commit hash for v2025.04, and rebase the
patches for the default U-Boot tree to accommodate for upstream changes:
- The SPL/TPL/VPL phases are being unified under the xPL name, so
there's a config rename.
- Some test macros were renamed, for the video-related patches.
- Add some missing hunks for video damage series.
- Upstream Makefile adds another argument to the binman call.
- The SWIG related patch is merged upstream, drop it.
I'm not sure if src/u-boot/* directories are regenerated on new builds,
so it may be necessary to remove them manually after applying this.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Run diffconfig from Linux to track our modifications to the old upstream
defconfigs, so we can apply them to the new ones. Restore the original
defconfigs to highlight our changes here, and upstream changes in the
next commit. Done manually, but something like:
do_diff() {
ours="$1"
theirs="$2"
tree="$3"
diffconfig \
src/u-boot/${tree}/configs/${theirs}_defconfig \
config/u-boot/${ours}/config/default \
>config/u-boot/${ours}/config/diffconfig
cp src/u-boot/${tree}/configs/${theirs}_defconfig \
config/u-boot/${ours}/config/default
}
do_diff amd64coreboot coreboot64 x86_64
do_diff i386coreboot coreboot x86
do_diff gru_bob chromebook_bob default
do_diff gru_kevin chromebook_kevin default
do_diff qemu_arm64_12mb qemu_arm64 default
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Run `./mk -s u-boot` to convert our configs into defconfigs, so we can
keep our changes to the old upstream defconfigs and re-apply them to the
new upstream defconfigs.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
it's not necessary, and was the cause of a recent issue,
which i mitigated, but why mitigate it?
prevent bugs. don't use eval unless absolutely necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
see:
commit f0c629dcc6
Author: Leah Rowe <leah@libreboot.org>
Date: Sat Apr 12 13:51:49 2025 +0100
lib.sh: write version/versiondate to dotfiles
and this bug report:
https://codeberg.org/libreboot/lbmk/issues/284
The report indicates that the above commit broke bash,
when sh (on the user's system) is bash.
I know sometimes when using bash, I need to use the
back slash when dealing with dots, e.g. when grepping
something.
Also double quote references to dotfiles, e.g. when
directing the output of printf.
I never noticed the issue myself, since I use dash.
Signed-off-by: Leah Rowe <leah@libreboot.org>
If the mode string is empty, then it's a build command.
See commit:
commit b1ea416575
Author: Leah Rowe <leah@libreboot.org>
Date: Wed Apr 23 03:54:08 2025 +0100
mk: remove mkhelp() and use x_() instead
This commit removed the following check:
If mode isn't set, run an mkhelper, otherwise don't.
Because this simplification removed that behaviour,
running e.g. "./mk -m coreboot x200_8mb" would result
in the mkcorebootbin function being executed, which is
normally putting the coreboot rom together.
Since it wasn't built in this case, an error is thrown.
This change therefore restores the previous behaviour,
fixing the bug.
First reported in this error report:
https://codeberg.org/libreboot/lbmk/issues/306
This commit fixes the issue.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the command -v check has been removed, since this function
already calls git immediately, which would accomplish the
same thing since that causes an error if git isn't there.
Signed-off-by: Leah Rowe <leah@libreboot.org>
setvars is always invoked with eval, so make the error
condition a message for eval, to ensure that it is reliably
handled, in case of error condition.
Signed-off-by: Leah Rowe <leah@libreboot.org>
one function, for one task. skeleton functions for
performing multiple tasks. that is the basic coding
style guideline for lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
On initialisation of the child instance, ./mk is
executed, but an error from it won't reveal what
command was actually executed.
This change makes that the case, since x_ does
print the command that caused an error.
This is useful for debugging. However, we don't
want x_ to cause a real exit, because we still
need to handle the lock file from the parent
instance.
Therefore, the first child instance is executed
inside a subshell, and xbmk_rval is set if that
subshell returns non-zero.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This fixes a problem, in that CMake 4.0 dropped compatibility
with CMake version 3.5; UEFIExtract/CMakeLists.txt had the line:
CMAKE_MINIMUM_REQUIRED(VERSION 3.1.0 FATAL_ERROR)
This is lower than 3.5.
The new version has this:
CMAKE_MINIMUM_REQUIRED(VERSION 3.22)
Which is higher than 3.5, in terms of version number.
This brings in the following upstream changes:
* a072527 Convert other uses of 0xABCD back to ABCDh
* a19aead Revert "Update hexadecimal numbers output format from ABCDh to 0xABCD" due to breaking downstream tools
* 7752279 Improve region access settings info for Intel v2 descriptor
* 6f6debb Add volume header info on NumBlocks and Length used to calcualte alternative size of it
* f64ba09 Minor fix for embedded QHexView on Windows
* 2b23bbd Implement Apple developer signing for macOS builds
* 9cc9518 Update hexadecimal numbers output format from ABCDh to 0xABCD
* 73d07cd Add Kaitai-based parser for Dell DVAR store
* c8b7151 Fix minor bug while presenting the EOF elemement of AppleSysF store
* 892111a Add new fields into Intel Microcode header
* 7cea8ee Remove outdated definition of FLASH_PARAMETERS
* c38ed92 Add missing header comments to goto*dialog.h
* 22bb757 Remove PATH_MAX from realpath
* d61d759 Make sure to wrap all uses of kaitai::kstream into try-catch blocks
* 7ef3719 Add initial support for Insyde H2O FlashDeviceMap rev4
* 97a85f9 Add Microsoft LZMA section GUID
* a077743 Bump version numbers
* 07742a5 Update GUID database
* a12be6b Address review comments
* 9719b0c Update copyright and authors in About UEFITool window
* fbf6afd Expand Type column of the report to fit new FlashDeviceMap store and entry types
* 3cb5dc0 Add SLIC pubkey and marker parsers
* fd0faea Add Phoenix CMDB parser
* 01e2e08 Add FFS volume parser for non-AMI NVRAM areas
* 4e2a8f6 Add Intel uCode parser
* 58366f4 Add Insyde Flash Device Map parser
* b98edf6 Add Phoenix EVSA parser
* f989fdf Add Phoenix FlashMap parser
* 4e600eb Add Apple SysF/Diag parser
* 2d6eaa9 Add EDK2 FTW parser
* ca7d4ca Add Insyde FDC parser
* 34904bd Add KaitaiStruct parsing of Phoenix VSS2
* 489b85f Rewrite VSS and VSS2 NVRAM variable parsers in KaitaiStruct
* 2661b8f Remove manual NVRAM parsing, add EDK2 VSS parser written in KaitaiStruct
* d91115f Also sign UEFIFind and UEFIExtract for macOS
* 0fae05c Add adhoc signature to UEFITool on macOS
* 5e6a1c7 Fix CFBundleIdentifier in UEFITool Info.plist
* 8d7e01c Make sure to initialize counterUncData
* b1ad055 Bump version numbers
* 7dd9014 Update GUID database
* 4e3fa58 Update QHexView, build it as a library for Qt6 builds
* 369f101 Enable building ffsparser_fuzzer during CI/CD, improve readUnaligned to silence Clang UBSAN
* ff42cec UEFIExtract: add support for extracting uncompressedData for tree items that have it
* c94f78a Add missing common/LZMA/SDK/C/7zWindows.h
* b5756f9 Revert old patch from common/LZMA/SDK/C/CpuArch.c
* 65fb4a8 Update LZMA SDK to 24.09
* e66bc7d Apply a small patch to common/zlib/gzguts.h to fix a build issue in macOS
* dcf21fa Update built-in zlib to 1.3.1
* 0af36bd Fix an issue with kaitai_regenerate.sh creating backup files on modern macOS
* fd76e89 Update README.md
* 427d8ec Update README.md
* a824260 Add MX77L12850F
* a777f1f Update main.yml
* 5f23377 Update main.yml
* 932120c Use x64 macos-13 runner for FreeBSD in main.yml
* a8c008c Update macos-12 to macos-latest in main.yml
* 6b853f8 Fix SonarCube Scan action version
* 66565a5 Try using new SonarCube scan action
* 371448d Enable long file paths for UEFIFind
* b0cd7fe Update upload-artifacts action to v4
* 4b868bb Remove CodeQL and PVS-Studio from main.yml
* 214b356 Add AMIC A25LQ64 to internal JEDEC ID database
* 0030ea9 Fix findPattern logic when pattern is at the end of the data
* 3441255 fix: add qt version limit to setDesktopFileName
* 941ee6c Set desktop file name to fix the missing icon when running under Wayland
* c550853 Defined ACCESSPERMS for musl
* bf93a5e Bump version numbers
* d03a8f2 Fixing FreeBSD action
* 0a88da1 Update guids.csv
* 6f9a4c0 Fix off-by-one error in parsing IFWI partition table
* e0b1e02 Update main.yml
* 161c697 Update main.yml
* 573452e Update main.yml
* 166c797 add Micron XM25RH128C
* 0e11189 fix a few misspellings
* daf5851 Update README.md
* 1cba371 Update guids.csv
* 4992474 Fix CPD Extension offset (reverts 29915ca)
* 29915ca Fix CPD Manifest's partition offset
The ACCESSPERMS patch has been removed, because upstream
already dealt with this. Libreboot had made the same fix
independently, without realising that upstream also did.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this matches cbmk, where inject.sh is the file name
this will make future cherry-picks of lbmk->cbmk easier
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is in prep for the next change, where non-init
functions will be moved to another file, again named
include/lib.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
a lot of init code was handled outside of any function. the
coding style used in the rest of the build system has now
been introduced, with xbmk_init being the main function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this was used alongside the xgcc linking, so that coreboot
trees could specify that another tree was to be downloaded.
since this variable will no longer be used, it should be
removed, to avoid dead code bloat.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the "xtree" variable is used by projects such as u-boot,
to export a CROSS_COMPILE variable specifying prefix for
gnu compilers, and for building the named coreboot tree.
for example, xtree can be "default", which is then the
coreboot tree downloaded, for use of crossgcc.
however, it is also used to symlink identical versions
of crossgcc between coreboot trees. this latter feature
was only needed for fam15h boards which were previously
split between two mostly identical coreboot trees, that
were later merged into a single tree, and this feature
is therefore no longer used.
remove this dead code, to reduce bloat in the build system.
Signed-off-by: Leah Rowe <leah@libreboot.org>
In the previous revision, I make hardcoded use of
/usr/local/bin and /usr/bin as search locations, instead
of relying on PATH, when the user has a python venv, because
in those cases, we cannot rely on PATH so we use a python
command to detect the venv and then force use of the
normal system path for python.
However, there's no guarantee that the real Python will
indeed live at these locations. For example, some distros
like Nix or Guix will use many locations for different
versions of a given package, and it's for the birds as to
what given package version the user might be running.
Therefore, this patch retains that current hardcoded
assumption of /usr/local/bin and /usr/bin but *only* as
a fallback solution, instead checking realpath first.
The "realpath" command isn't technically POSIX standard,
but in practise it is available on GNU coreutils, Busybox,
and the various BSD userlands.
I could perhaps *import* a realpath utility, and use that,
but this should be fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
If the user has a virtual environment, the current logic
will cause lbmk to hang. A useful workaround is to force
use of the direct path to the system binary of python.
This works by detecting a virtual environment first, and
deferring to the old behaviour if no venv is found. If one
is found, then it will not rely on PATH, but instead only
search the standard locations /usr/local/bin and /usr/bin.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This prevents a build error, as the variable is no longer
used at all by coreboot (EHCI mapping is used as reference
instead).
Signed-off-by: Leah Rowe <leah@libreboot.org>
Also: hp8300cmt_16mb did not specify a data.vbt path, even
though it is indeed available in the coreboot tree. This
has been corrected.
The previous lack of VBT on hp8300cmt_16mb wasn't really a
big problem, since coreboot handles initialisation anyway,
and it's basically optional on Linux. Coreboot doesn't parse
VBT at all.
This patch should fix build errors, that were caused on the
recent revision update, where several of the HP desktops
have now been turned into variants.
Signed-off-by: Leah Rowe <leah@libreboot.org>
alper made a fix to this file a few hours ago, but
forgot to update the copyright header
i'm doing it for alper, as a courtesy
Signed-off-by: Leah Rowe <leah@libreboot.org>
this board became a variant, in the new coreboot revision that
lbmk recently updated to. fix the data.vbt path to prevent error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is a file containing one byte, of value zero
i meant to add it in previous commits, for the resizing
and shrinking of tarballs when inserting or deleting
vendor files
used by include/vendor.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
Properly set $pyver to "3" when we detect we can use python3. In the
following version checks, use the $python we detected instead of a
'python' from PATH because the latter might be a python2 while still
co-existing with a python3.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
I also cherry-picked a patch from Heads, that fixes build
issues caused by the hacks in the T480 port; several changes
made by Mate are now ifdef'd based on whether a KabyLake
ThinkPad is specified in defconfig.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is currently the latest revision of coreboot.
Other coreboot trees to follow. The "next" tree will
also be merged with coreboot/default, in a follow-up
commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
A number of regressions were caused by the recent CVE fixes,
many of which have since been fixed upstream. This includes
several ext4 file system bugs, which caused some systems not
to boot properly, when dealing with very large initramfs files.
No additional patching has been made. This will be tested, and
then used to provide a revision update for Libreboot 20241206.
After this, there are several additional OOT patches that will
be merged, for the next *testing release* of Libreboot.
Update to this revision, for all GRUB trees:
a4da71dafeea519b034beb159dfe80c486c2107c
This brings in the following changes from upstream:
* a4da71daf util/grub-install: Include raid5rec module for RAID 4 as well
* 223fcf808 loader/ia64/efi/linux: Reset grub_errno on failure to allocate
* 6504a8d4b lib/datetime: Specify license in emu module
* 8fef533cf configure: Add -mno-relax on riscv*
* 1fe094855 docs: Document the long options of tpm2_key_protect_init
* 6252eb97c INSTALL: Document the packages needed for TPM2 key protector tests
* 9d4b382aa docs: Update NV index mode of TPM2 key protector
* 2043b6899 tests/tpm2_key_protector_test: Add more NV index mode tests
* 9f66a4719 tests/tpm2_key_protector_test: Reset "ret" on fail
* b7d89e667 tests/tpm2_key_protector_test: Simplify the NV index mode test
* 5934bf51c util/grub-protect: Support NV index mode
* cd9cb944d tpm2_key_protector: Support NV index handles
* fa69deac5 tpm2_key_protector: Unseal key from a buffer
* 75c480885 tss2: Add TPM 2.0 NV index commands
* 041164d00 tss2: Fix the missing authCommand
* 46c9f3a8d tpm2_key_protector: Add tpm2_dump_pcr command
* 617dab9e4 tpm2_key_protector: Dump PCRs on policy fail
* 204a6ddfb loader/i386/linux: Update linux_kernel_params to match upstream
* 6b64f297e loader/xnu: Fix memory leak
* f94d257e8 fs/btrfs: Fix memory leaks
* 81146fb62 loader/i386/linux: Fix resource leak
* 1d0059447 lib/reloacator: Fix memory leaks
* f3f1fcecd disk/ldm: Fix memory leaks
* aae2ea619 fs/ntfs: Fix NULL pointer dereference and possible infinite loop
* 3b25e494d net/drivers/ieee1275/ofnet: Add missing grub_malloc()
* fee6081ec kern/ieee1275/init: Increase MIN_RMA size for CAS negotiation on PowerPC machines
* b66c6f918 fs/zfs: Fix a number of memory leaks in ZFS code
* 1d59f39b5 tests/util/grub-shell: Remove the work directory on successful run and debug is not on
* e0116f3bd tests/grub_cmd_cryptomount: Remove temporary directories if successful and debug is not on
* e6e2b73db tests/grub_cmd_cryptomount: Default TMPDIR to /tmp
* 32b02bb92 tests/grub_cmd_cryptomount: Cleanup the cryptsetup script unless debug is enabled
* c188ca5d5 tests: Cleanup generated files on expected failure in grub_cmd_cryptomount
* 50320c093 tests/util/grub-shell-luks-tester: Add missing line to create RET variable in cleanup
* bb6d3199b tests/util/grub-shell-luks-tester: Find cryptodisk by UUID
* 3fd163e45 tests/util/grub-shell: Default qemuopts to envvar $GRUB_QEMU_OPTS
* ff7f55307 disk/lvm: Add informational messages in error cases of ignored features
* a16b4304a disk/lvm: Add support for cachevol LV
* 9a37d6114 disk/lvm: Add support for integrity LV
* 6c14b87d6 lvm: Match all LVM segments before validation
* d34b9120e disk/lvm: Remove unused cache_pool
* 90848a1f7 disk/lvm: Make cache_lv more generic as ignored_feature_lv
* 488ac8bda commands/ls: Add directory header for dir args
* 096bf59e4 commands/ls: Print full paths for file args
* 90288fc48 commands/ls: Output path for single file arguments given with path
* 6337d84af commands/ls: Show modification time for file paths
* cbfb031b1 commands/ls: Merge print_files_long() and print_files() into print_file()
* 112d2069c commands/ls: Return proper GRUB_ERR_* for functions returning type grub_err_t
* da9740cd5 commands/acpi: Use options enum to index command options
* 1acf11fe4 docs: Capture additional commands restricted by lockdown
* 6a168afd3 docs: Document restricted filesystems in lockdown
* be0ae9583 loader/i386/bsd: Fix type passed for the kernel
* ee27f07a6 kern/partition: Unbreak support for nested partitions
* cb639acea lib/tss2/tss2_structs.h: Fix clang build - remove duplicate typedef
* 696e35b7f include/grub/mm.h: Remove duplicate inclusion of grub/err.h
* 187338f1a script/execute: Don't let trailing blank lines determine the return code
* ff173a1c0 gitignore: Ignore generated files from libtasn
* fbcc38891 util/grub.d/30_os-prober.in: Conditionally show or hide chain and efi menu entries
* 56ccc5ed5 util/grub.d/30_os-prober.in: Fix GRUB_OS_PROBER_SKIP_LIST for non-EFI
* 01f064064 docs: Do not reference non-existent --dumb option
* 3f440b5a5 docs: Replace @lbracechar{} and @rbracechar{} with @{ and @}
* f20988738 fs/xfs: Fix grub_xfs_iterate_dir() return value in case of failure
* 1ed2628b5 fs/xfs: Add new superblock features added in Linux 6.12/6.13
* 348cd416a fs/ext2: Rework out-of-bounds read for inline and external extents
* c730eddd2 disk/ahci: Remove conditional operator for endtime
* f0a08324d term/ns8250-spcr: Return if redirection is disabled
* 7161e2437 commands/file: Fix NULL dereference in the knetbsd tests
* 11b9c2dd0 gdb_helper: Typo hueristic
* 224aefd05 kern/efi/mm: Reset grub_mm_add_region_fn after ExitBootServices() call
* 531750f7b i386/tsc: The GRUB menu gets stuck due to unserialized rdtsc
* f2a1f66e7 kern/i386/tsc_pmtimer: The GRUB menu gets stuck due to failed calibration
* 13f005ed8 loader/i386/linux: Fix cleanup if kernel doesn't support 64-bit addressing
Signed-off-by: Leah Rowe <leah@libreboot.org>
initialising variables, setting PWD, setting version,
this is all unnecessary before the root check, because
the dependencies commands use none of these.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk creates TMPDIR as /tmp/xbmk_*, but it's theoretically
possible that something could re-export it by mistake.
this change retains the same initialisation, but further
use is now via a new variable "xbmktmp", that stores the
value of TMPDIR upon lbmk's initialisation of it.
this reduces the chance of such a bug in the future, as
described above, so it is a preemptive/preventative fix.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the next part checks whether the file is below 512k,
so there's no point checking if it's below 2, because
the lowest a file size can be is zero, and expr will
produce a result of -1 if decrementing from zero.
Signed-off-by: Leah Rowe <leah@libreboot.org>
merge it with git_prep, since it's only a small
function and only called from there. the merged
code still makes sense and its purpose is still
quite clear on casual reading.
Signed-off-by: Leah Rowe <leah@libreboot.org>
merge it with git_prep, since it's only a tiny
function and only called from there. the for
loop moved to the if block still makes sense
on casual reading.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the "u" argument can actually be any thing. git_prep
handles git submodules only for single-tree projects,
under any candition, or on multi-tree projects if
the number of arguments to git_prep is above four.
"u" is the 5th argument, meant to enable submodule
downloads. it really doesn't matter what this string
says, so let's just make it as clear as possible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the combination of x_ with the "e" function enables
for much simpler file-check error handling, which is
a unique innovation of lbmk as it pertains to sh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the cbfs function will call cbfstool, which will perform
the same check, and the same error condition would cause
the same exit behaviour in lbmk. the error message would
also provide output that is just as useful for debugging.
Signed-off-by: Leah Rowe <leah@libreboot.org>
There was no error handling, *at all*, on the actual tar
command, due to the lack of set -o pipefail, which we cannot
rely on in sh.
The x_ wrapper can be used in this case, as a mitigation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it wouldn't exit with error status anyway, since i'm
setting +e here, but if that accidentally changed in
the future, i still wouldn't want this to exit.
the bruteforce me extraction naturally throws a lot of
errors, hence +e, because of how the extraction works,
but the result is checked at the end of the process,
to compensate. hence +e, because otherwise this brute
force extraction would never work.
therefore, this is an extremely theoretical bug fix, the
most quintessential of preemptive bug fixes, to the point
that it is actually rather pedantic.
The ":" in "|| :" will likely *never* be executed, but it
handles the theoretical case where the subshell exits with
non-zero status and +e is set; subshells aren't meant to
behave this way anyway, but who knows what cursed sh
implementation the user is on?
Signed-off-by: Leah Rowe <leah@libreboot.org>
We can't do set -o pipefail in POSIX sh, which we're using,
but the build system has x_ which wraps around a command
and executes it, exiting with non-zero status if it does.
This fact enables lbmk to have functionality that is actually
superior to pipefail, since you can more easily control
specifically which parts error.
For example:
foo | bar | foo2 | bar2 | $err "error"
ERROR exits with non-zero status, but foo2, bar and foo
would not exit on error, only bar2 would. In *bash*, which
we avoid, set -o pipefail would make all of them exit on
error, but what if you wanted "bar" to not exit?
With lbmk, you could do, in the above example, and with the
above question asked ("what if you wanted bar not to exit"):
x_ foo | bar | x_ foo2 | bar2 > file | $err "error"
of course, you could also do, if not outputting to "file":
x_ foo | bar | x_ foo2 | x_ bar2
NOTE: in lbmk, $err is a variable containing the name of
a function that does something (whatever you want) and
then exits with non-zero status.
This entire explanation is beyond the scope of simply
providing (and explaining) this fix, but I also wanted to
use this commit as an example of the power of lbmk with
regards to POSIX shell scripting.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in these if clauses, what follows afterward is exactly
the same: set xchanged and return.
Therefore, these lines are redundant and they can be
removed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This change finally ensures that no insertions will be
attempted, on the basis that readkconfig failed; this
covers the instance whereby vcfg was set, but no scanned
items were indicated e.g. Intel ME files not specified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This should speed up automated tests. Otherwise, it goes
through all the extra checks that aren't needed, for each
individual type of vendor file, and also errors out when
handling pico serprog images; during automated testing,
on the bin directory, you might try on every tarball, one
of which is the pico tarball and this patch makes lbmk skip
that one too.
In general, we must not perform unnecessary tasks. Doing so
may even cause other bugs that we couldn't easily detect.
Signed-off-by: Leah Rowe <leah@libreboot.org>
x_ cannot be used, where output is redirectod to a file;
only the conventional piping can be used.
same as the last change. this and the other fix were caught
during testing.
Signed-off-by: Leah Rowe <leah@libreboot.org>
x_ cannot be used, where output is redirected to a file;
only the convention piping can be used, for errors.
relying on x_ in these cases will cause unpredictable bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i can't call $err (variable), because it's set
to fail_inject. fix this infinite loop, which
was an oversight in the previous commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I was using a complicated method of knowing whether
the current instance was parent or a child, to know
whether the lock file and TMPDIR needed to be purged.
It was quite error-prone too. Instead, I'm now handling
it directly from within the if statement that previously
initialised xbmk_parent=y, forking ./mk from there.
The forked instance would not trigger that if clause
again, since then TMPDIR is created, thus avoiding
recursion.
This is an improvement because it doesn't rely on how
the parent handles exit statuses, and it ensures that
the lock/tmp files are never accidentally deleted.
Even if a given program/script that lbmk runs would
export TMPDIR, it doesn't matter because lbmk doesn't,
so it would be unaffected.
Signed-off-by: Leah Rowe <leah@libreboot.org>
because the top-down function order isn't as reliable
in lib.sh, since this is what first runs, included
in every other script
Signed-off-by: Leah Rowe <leah@libreboot.org>
script/ no longer exists. this means that the
only executable script in lbmk is now mk.
script/trees was never called directly; instead,
we used ./update trees in the past, then just ./mk.
this is part of a larger audit to simplify lbmk,
in preparation for the next Libreboot release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
write to .version and .versiondate, instead
of version and versiondate.
this will hide them to avoid visual clutter while
analysing files within lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these are obsolete commands for backward compatibility,
but they are being removed before the next release.
the documentation has for some now only referenced use
of the ./mk commands, making lbmk live up to its name!
Signed-off-by: Leah Rowe <leah@libreboot.org>
i'm removing all the backward-compatibility in the
build system, so that only the ./mk command is available
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, the current return prevents set -u -e
after the case/switch block, which is a problem if
set +u +e was done at any point before the return.
Remove the return in the roms) section of the case/switch
block, and make the building of coreboot images part of
an else clause.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, the error message will never be incorrect,
which i had to fix in a recent patch.
now, the same string is used for error messages and getopt.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is not necessary. the fetch mode is still handled,
as before, and no make commands will run in this case.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead of running pwd all the time, run it once in lib.sh,
and export PWD.
for lbmk-specific use of PWD, use xbmkpwd, which contains
the value of PWD as was set by the pwd utility in lib.sh.
many parts of lbmk rely on pwd, and it *must* be correct.
this change adds basic error handling, since pwd can in
fact return errors in some cases.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's incorrect for PATH not to be set, but some users
may foolishly blank it out before running lbmk.
prevent such issues, by initialising it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
PWD could be anything, if the user manually exported
it before running lbmk.
always run pwd instead, to get the real string.
Signed-off-by: Leah Rowe <leah@libreboot.org>
several code lines were condensed together, which
make them less readable. make the code more readable
by having separate commands on separate lines.
i previously did this during my manic build system
audits of 2023 and 2024; condensing lines like this
is overly pedantic and serves no real purpose.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The "mode" variable is used as a suffix for make commands,
for example ./mk -m sets mode to "menuconfig", which means
you want to run "make menuconfig".
When fetching sources (./mk -f), I was setting mode to "fetch",
and putting checks in code to avoid use of make when mode was
set to "fetch".
The behaviour now is identical, except that a new variable
called "do_make" is set to "n" when doing ./mk -f, otherwise
set to "y", and this is checked instead. This should make
the meaning of the code somewhat clearer.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I was importing a patch for the z790 boards, but
Libreboot doesn't support this board yet, and the
patch was a hack that may affect other boards.
When I do later merge that board, and I find that the
hack is needed, I'll simply make another grub tree
within lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
_fsp is obsolete. people should use _vfsp
_fsp was kept for a short while, for backward compatibility,
but nobody really uses it now and it just causes confusion
Signed-off-by: Leah Rowe <leah@libreboot.org>
You can find information about these patches here:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
GRUB has been on a crusade as of late, to proactively audit
and fix many security vulnerabilities. This lbmk change brings
in a comprehensive series of patches that fix bugs ranging from
possible buffer overflows, use-after frees, null derefs and so on.
These changes are critical, so a revision release *will* be issued,
for the Libreboot 20241206 release series.
This change imports the following 73 patches which
are present on the upstream GRUB repository (commit IDs
matched to upstream):
* 4dc616657 loader/i386/bsd: Use safe math to avoid underflow
* 490a6ab71 loader/i386/linux: Cast left shift to grub_uint32_t
* a8d6b0633 kern/misc: Add sanity check after grub_strtoul() call
* 8e6e87e79 kern/partition: Add sanity check after grub_strtoul() call
* 5b36a5210 normal/menu: Use safe math to avoid an integer overflow
* 9907d9c27 bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t
* f8795cde2 misc: Ensure consistent overflow error messages
* 66733f7c7 osdep/unix/getroot: Fix potential underflow
* d13b6e8eb script/execute: Fix potential underflow and NULL dereference
* e3c578a56 fs/sfs: Check if allocated memory is NULL
* 1c06ec900 net: Check if returned pointer for allocated memory is NULL
* dee2c14fd net: Prevent overflows when allocating memory for arrays
* 4beeff8a3 net: Use safe math macros to prevent overflows
* dd6a4c8d1 fs/zfs: Add missing NULL check after grub_strdup() call
* 13065f69d fs/zfs: Check if returned pointer for allocated memory is NULL
* 7f38e32c7 fs/zfs: Prevent overflows when allocating memory for arrays
* 88e491a0f fs/zfs: Use safe math macros to prevent overflows
* cde9f7f33 fs: Prevent overflows when assigning returned values from read_number()
* 84bc0a9a6 fs: Prevent overflows when allocating memory for arrays
* 6608163b0 fs: Use safe math macros to prevent overflows
* fbaddcca5 disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails
* 33bd6b5ac disk: Check if returned pointer for allocated memory is NULL
* d8151f983 disk: Prevent overflows when allocating memory for arrays
* c407724da disk: Use safe math macros to prevent overflows
* c4bc55da2 fs: Disable many filesystems under lockdown
* 26db66050 fs/bfs: Disable under lockdown
* 5f31164ae commands/hexdump: Disable memory reading in lockdown mode
* 340e4d058 commands/memrw: Disable memory reading in lockdown mode
* 34824806a commands/minicmd: Block the dump command in lockdown mode
* c68b7d236 commands/test: Stack overflow due to unlimited recursion depth
* dad8f5029 commands/read: Fix an integer overflow when supplying more than 2^31 characters
* b970a5ed9 gettext: Integer overflow leads to heap OOB write
* 09bd6eb58 gettext: Integer overflow leads to heap OOB write or read
* 7580addfc gettext: Remove variables hooks on module unload
* 9c1619773 normal: Remove variables hooks on module unload
* 2123c5bca commands/pgp: Unregister the "check_signatures" hooks on module unload
* 0bf56bce4 commands/ls: Fix NULL dereference
* 05be856a8 commands/extcmd: Missing check for failed allocation
* 98ad84328 kern/dl: Check for the SHF_INFO_LINK flag in grub_dl_relocate_symbols()
* d72208423 kern/dl: Use correct segment in grub_dl_set_mem_attrs()
* 500e5fdd8 kern/dl: Fix for an integer overflow in grub_dl_ref()
* 2c34af908 video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
* 0707accab net/tftp: Fix stack buffer overflow in tftp_open()
* 5eef88152 net: Fix OOB write in grub_net_search_config_file()
* aa8b4d7fa net: Remove variables hooks when interface is unregisted
* a1dd8e59d net: Unregister net_default_ip and net_default_mac variables hooks on unload
* d8a937cca script/execute: Limit the recursion depth
* 8a7103fdd kern/partition: Limit recursion in part_iterate()
* 18212f064 kern/disk: Limit recursion depth
* 67f70f70a disk/loopback: Reference tracking for the loopback
* 13febd78d disk/cryptodisk: Require authentication after TPM unlock for CLI access
* 16f196874 kern/file: Implement filesystem reference counting
* a79106872 kern/file: Ensure file->data is set
* d1d6b7ea5 fs/xfs: Ensuring failing to mount sets a grub_errno
* 6ccc77b59 fs/xfs: Fix out-of-bounds read
* 067b6d225 fs/ntfs: Implement attribute verification
* 048777bc2 fs/ntfs: Use a helper function to access attributes
* 237a71184 fs/ntfs: Track the end of the MFT attribute buffer
* aff263187 fs/ntfs: Fix out-of-bounds read
* 7e2f750f0 fs/ext2: Fix out-of-bounds read for inline extents
* edd995a26 fs/jfs: Inconsistent signed/unsigned types usage in return values
* bd999310f fs/jfs: Use full 40 bits offset and address for a data extent
* ab09fd053 fs/jfs: Fix OOB read caused by invalid dir slot index
* 66175696f fs/jfs: Fix OOB read in jfs_getent()
* 1443833a9 fs/iso9660: Fix invalid free
* 965db5970 fs/iso9660: Set a grub_errno if mount fails
* f7c070a2e fs/hfsplus: Set a grub_errno if mount fails
* 563436258 fs/f2fs: Set a grub_errno if mount fails
* 0087bc690 fs/tar: Integer overflow leads to heap OOB write
* 2c8ac08c9 fs/tar: Initialize name in grub_cpio_find_file()
* 417547c10 fs/hfs: Fix stack OOB write with grub_strcpy()
* c1a291b01 fs/ufs: Fix a heap OOB write
* ea703528a misc: Implement grub_strlcpy()
Signed-off-by: Leah Rowe <leah@libreboot.org>
I think newlines look better here. The indent that bullet-pointed lists
have, does not seem natural at the start of the document.
Signed-off-by: runxiyu <me@runxiyu.org>
SeaBIOS has been supported for a long time and seems to be the
"recommended" payload nowadays (though usually with GRUB too). I haven't
seen Tianocore / EDK II been mentioned in a while. U-Boot support was
added as of Libreboot 20241206-rev8.
Signed-off-by: Runxi Yu <me@runxiyu.org>
after setting the checksum too
this is functionally no different, but setting it
at the start didn't sit right with me.
it's more logically correct to set it at the end,
in case any error did not result in an exit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We're checking if errno is ENOTDIR, not setting it;
the previous code would always return true, and then
set errno 0, which in the context of this code was
actually OK, so this patch makes no functional difference
in practise.
However, I'm a stickler for technical correctness. I caught
this when trying to compile with clang, because clang is
quite pedantic about checking for exactly this type of bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
previously, if the user ran:
./nvm GBE [MAC address]
it would error, treating the MAC as a command
now if only 3 arguments are provided, and the
3rd argument ins't a valid command, it's treated
as a MAC address and validated accordingly.
this should make nvmutil easier to use, because
I imagine a lot of users forget to use setmac
there's no reason we should be so pedantic. we
should allow it to be used flexibly like this
Signed-off-by: Leah Rowe <leah@libreboot.org>
On the 16KB and 128KB files, we still only need to
operate on 4KB at the start of each block, where the
block size is larger than 4KB.
The reason we deal with the entire 4KB block is because
the nvm words (in the 128 byte section) can define an
extended nvm area anywhere after 128 bytes, within the
128 byte block.
We could systematically read where that is being handled,
and handle it; we could then allocate less memory, and
read/write fewer bytes, but many block devices like SSDs
and flash drives have at least a 4KB erase block anyway,
so it's kinda pointless. saving memory would be nice, but
I don't really want to bloat the code.
This is a nice easy optimisation, to avoid wasting an
additional 8KB of memory when handling 16KB files, and
additional 120KB if handling 128KB files, since nf is
what determines how much memory will be allocated.
the alternative would be to use an mmap, and then we
could reasonably handle the idea above for only writing,
surgically, what we need: nvm words and extended nvm
words.
Signed-off-by: Leah Rowe <leah@libreboot.org>
./nvm gbe.bin
with this patch, the above example does the same as:
./nvm gbe.bin setmac
now you can simply specify the gbe file, and it will
randomise the mac address within it, and update the
nvm checksum word.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, we still get an error exit for example
when trying to invalidate an already invalid
checksum; this error exit was disabled by the
last revisions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is for user friendliness. Otherwise, many users
might try to dump afterward if they specified a random
MAC address.
This saves the user from having to re-run with the dump
command, thus saving time for the user.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead of setting errno in the for loop, set a variable
declaring that the mac was updated, and reset errno based
on that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if checksum verification passed, then we should reset
in case we're operating on a given part and the last
one checked was bad.
a catch-all reset is already performed in writeGbe,
but it's good to do it here too.
in practise, if the 2nd part (part 1) is what failed,
errno still wouldn't be reset.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it will probably never happen, and this is technically
not an error condition of pread/pwrite, but we need it
to read and write that exact number of bytes, as per nf
Signed-off-by: Leah Rowe <leah@libreboot.org>
it wouldn't occur, on the current logic, but i wasn't
comfortable having the starting point (on little endian)
being higher than the checked endpoint, in case of
possible integer overflow as a result of future
modifications.
this is therefore a pre-emptive bug fix, because it doesn't
yet fix a bug, but it prevents a bug from being introduced.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The 128-byte nvm area is all that we need to handle,
since that is the only thing we actually work on in
nvmutil, based on checksum verification; the latter
implies that bytes must be in the correct order.
The swap() function previously worked on the entire
block, e.g. 4KB on 8KB files, 8KB on 16KB files and
64KB on 128KB files, and it did this twice, so it would
have operated on anywhere between 8KB to 128KB of data.
It now only operates on 256 bytes at a maximum, or 128
bytes if only handling one block. This is a significant
performance optimisation, on big endian host CPUs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
previous audits sizecoded nvmutil.c, reducing the sloccount,
but this resulted in unreadable code.
move the swap logic (swap parts) back to its own function,
for clarity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also cmd_brick
where the checksum is being corrected or bricked, we
only need to handle the 128-byte nvm area on one of
the parts
similarly, we only need to allocate half the gbe file
size when doing a copy command.
256 bytes still allocated for setmac (see previous
commit), because we verify both checksums and set both
parts if possible.
with this, nvmutil is now much more memory-efficient.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Allocate memory based on nf instead of partsize.
nf is the number of bytes actually read from each
part of the file.
Now if the user is running setmac for example,
256 bytes of memory will be allocated regardless
of gbe file size, whereas it would have previously
allocated 8KB, 16KB or 128KB depending on the file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were allocating 128KB even if we only needed 8KB, for
example. It's not a lot of memory, but the principle of
the matter is that we must respect the user by not wasting
their memory.
The design of nvmutil is that it will never overflow, because
operations are mapped in memory to the exact size of the gbe
file, which can be 8KB, 16KB or 128KB, and this is enforced.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The buf variable is only used once, and only so
that we can get a pointer. We can point to buf16
instead, for the same result.
The gbe pointer (size_t) is later converter to
a char * when writing back to the file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
For example, if the brick command is used without specifying
a part number. Instead of saying "Invalid argument", show a
much more useful error message to help the user adapt.
Signed-off-by: Leah Rowe <leah@libreboot.org>
call pledge *much* earlier, and and lock everything down
much sooner. the point of pledge/unveil is precisely that
your program must operate under the most restrictive set
of conditions possible, and still function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
tell the user exactly what they got wrong, instead
of simply printing "bad mac address", which is not
very helpful to the user
Signed-off-by: Leah Rowe <leah@libreboot.org>
See:
https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-mobile-p/intel-600-series-chipset-family-on-package-platform-controller-hub-pch-datash/spi0-for-flash/
The rules described there are universal, and replicated elsewhere
for many other platforms. The rules are simply:
* Flash descriptor is one block size, e.g. 4KB
* GbE is two block sizes, so if IfD is 4KB, GbE is 8KB
Intel defines 16KB and 128KB GbE files in specs, pertaining to
8KB and 64KB block sizes respectively.
The minimum size is 4KB blocksize, for 8KB GbE files which
we already supported. On larger block sizes, the same 4KB
parts are observed: a single 4KB IfD area at the start of
the block, and:
4KB GbE part at the start of the GbE region, and:
4KB GbE part at the start of GbE region plus block size
The empty space inbetween is padding, and we ignore it,
except when running swap/copy commands.
The nvmutil code has been modified, to create a 128KB buffer in
memory instead of 8KB, for loading GbE files.
Partsize is set to GbE file size divided by 2, and only the
area of memory we need to use is mapped; for example, if
we're loading a 8KB GbE file into memory, we only touch
the first 8KB part of the buffer, or first 16KB for 128KB
files.
In practise, we almost never see GbE files with sizes higher
than 8KB, but *we have seen it*, *AND NOW IT'S SUPPORTED!"
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were checking directories *after* calling unveil, which
means that the sandboxing was incomplete; we only want files
to be accessed, not directories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
A lot of size-coding was performed in prior audits, to
make the sloccount lower on nvmutil, but this resulted in
code that wasn't very human readable.
I've reversed some of it and added comments, for clarity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the user might have boot their kernel inside luks
inside lvm for some dumb reason
it's theoretically possible that the user would be
so silly indeed
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were scanning a hardcoded set up LVM volumes, so in practise,
LVM boot didn't really work. We did this because scanning for
asterisk is slow on some machines. However, since LVM is the last
one, and since most users don't boot directly from LVM, it wasn't
that much of an issue in practise.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were previously not handling picotool at all, and
pico-sdk would download picotool itself, at build time.
This means that the source archive, if created, would
not contain picotool. While not strictly required, for
complete corresponding source, since it's a toolchain
and not the actual pico-serprog firmware, it is my policy
that releases must include full corresponding source code,
when it is feasible to do so.
I must say, I intensely dislike cmake, with such burning
passion; I am thoroughly displeased by how hacky this is,
but it works and now nothing is in my way for a Libreboot
20241206 rev8 release!
Signed-off-by: Leah Rowe <leah@libreboot.org>
See:
https://docs.python.org/3/library/sys.html#sys.version_info
The sys.version_info tuple is a more reliable way to
get the version. Our previous logic assumed that Python
would always output "Python versionnumber", but this may
not always be how it works. We've seen this for example
where Debian modifies some GNU toolchains to include Debian
something in the output.
Python has a standard method built in for outputting exact
the information we need. In my system, what I got was this:
(3, 11, 2, 'final', 0)
That output was from running this command:
python -c 'import sys; print(sys.version_info[:])'
This is much more robust, so use this instead.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Backlight controls already worked on the T480/T480s, if you
used software-based controls e.g. set a hotkey for
xbacklight, but the actual Fn buttons on the keyboard did
not function at all; this patch fixes that issue
This also fixes LEDs on T480, on warm reboot, which are
otherwise off. It sets them back to the state they were
at on cold boot.
Both fixes are from Mate Kukri in the new T480 patchset.
In addition to these fixes, Mate made several code quality
improvements as part of efforts to upstream this code into
coreboot's main branch.
Updated coreboot T480 patchset to patchset 25. This change
will be reflected next in a modification to the Libreboot
documentation.
I had to make several other fixes on top of this; see diff.
A debug option was being enabled relating to stack overflow
detection, which we ought to avoid to mitigate over-zealous
build errors and stack corruption at boot; an errant option
for an EC we don't use was also being enabled, by some code
in coreboot relating to a Dasharo board; both issues have
been mitigated in this lbmk patch, by patching the upstream
coreboot build system in this patch.
As part of this change, the coreboot/next tree within lbmk
has been updated. Existing patches have been rebased.
This brings in the following changes from upstream, relative
to the previous revision used on coreboot/next:
* 2f1e4e5e85 mb/hp/snb_ivb_desktops/z220*: Remove leftover old usb configurations
* 9e859154ea mb/hp/snb_ivb_desktops: Remove unused includes
* 70b33cb38d ec/google/chromeec/acpi: Add support for generic LPC memory range
* f2ad73b5d1 mb/google/rauru: Raise little core CPU frequency from 700MHz to 2.4GHz
* 044017b4cd mb/google/rauru: Initialize PMICs in romstage
* 397c3e3c52 mb/google/fatcat/var/fatcat: Add touchpad wake source
* e18f0f53cb mb/google/fatcat/var/fatcat: Change touchpad interrupt to edge trigger
* a8b4ee246d mb/google/nissa/var/rull: Configure Acoustic noise mitigation
* c09fd09edf tree: Use "true", "false" for has_power_resource
* 1e64875265 mb/google/fatcat: Remove unused <stdio.h>
* f316ab6796 mb/google/fatcat/var/francka: Fix early pad configuration for TPM
* 6ca2c3c415 soc/mediatek/mt8196: Fix indentation in Makefile.mk
* 94c1307fdb soc/mediatek/mt8196: Add dynamic power-saving for peripheral clocks
* 67b140a949 tree: Use "true", "false" for fine_grained_control
* 97923aebe1 mb/prodrive/atlas: Add initial support for options
* 1a16146795 Fix up CFR's open issues
* 7e8d8cdea2 mb/google/rauru: Initialize SPM
* 3153432b83 soc/intel/alderlake: Add function to force disable memory channels
* 8ea2b0ab46 mb/google/fatcat/var/francka: Use RAM ID 2 for MT62F2G32D4DS-020 WT:F
* 5f600a8ee9 mb/google/fatcat: Limit Power Limit when battery is missing
* 5213646241 ec/google/chromeec: Add function to detect barrel charger
* 5ef70e5f22 ec/google/chromeec: Add API to check if battery is critically low
* 42fd35b486 ec/google/chromeec: Add API to check if charger is present
* 56370d0283 ec/google/chromeec: Add API to check if a USB PD charger is attached
* 001e7a0b45 soc/mediatek/mt8196: Add MT6685 Clock IC driver
* 5852841ca7 soc/intel/meteorlake: Use ASPM helpers from Alder Lake
* b04f057efd mb/google/rex/var/kanix: Add Synaptics touchpad
* af0c2e7a2e mb/prodrive/atlas: Remove the workaround for CLKREQ pins
* 13316c644b mb/google/fatcat/var/fatcat: Modify interrupt GPIO for LPSS I2C touchpad
* 825e9173b4 soc/mediatek: Distinguish pmic_init_setting function name
* d65ff8492c soc/intel/xeon_sp/spr/acpi: Fix regression
* 291778a1bd mb/google/corsola: Add new board variant Wyrdeer
* 745dcc861d mb/google/corsola: Refactor mipi_panel_power_on function
* 79f60c6b22 mb/google/nissa/var/telith: Disable stylus function
* d7934bdd53 Doc/soc/amd/family15h: Fix URLs to AMD documents
* 3cb7db4075 soc/mediatek/mt8196: Add PMIC MT6316 driver
* 60bce10750 drivers/mipi: Add support for KD_KD110N11_51IE panel
* d4c80054a4 soc/mediatek/mt8189: Enable timer compensation v2.5
* 403846f177 soc/mediatek/mt8196: Define MFGPLL_*_BASE using MFGSYS_BASE
* b3edaa7b10 mb/google/rauru: Implement SKU ID
* b470b48718 mb/google/rauru: Add support for getting storage id
* 24a5048948 mb/google/nissa/var/pujjo: Add new supported memory part
* c6e27c5fbf mb/google/nissa/var/rull: Add G2 touchscreen to devicetree
* 639def1d84 mb/google/fatcat/var/fatcat: Enable FPS
* acb8c870b2 mb/google/fatcat: Suppress unnecessary extra space in device trees
* d79ba5565d mb/google/nissa/var/telith: Modify PLD for typeC and typeA
* 620d2fab06 soc/mediatek/mt8189: Replace SPDX identifiers to GPL-2.0-only OR MIT
* d90b1322ab commonlib: Refactor CSE sync eventLog
* 4ef6c13b38 mb/google/brya: Adjust EC memory map range to support indexed IO
* 1e90bbadfa ec/google/chromeec: Add indexed IO support
* a8ab708584 mb/google/nissa/var/quandiso2: Create a quandiso2 variant
* 78f610a0ae util/docker/doc.coreboot.org: Allow git to work in envs owned by root
* 38ee22f6da util/docker/doc.coreboot.org: Use Alpine minor instead of point releases
* 0196c3b6a4 util/docker/doc.coreboot.org: Get rid of bash workarounds
* 897b46693b util/docker/doc.coreboot.org: Don't create volumes
* a0c45cbf1f 3rdparty/fsp: Update submodule to upstream master
* aa562d2881 soc/mediatek/mt8189: Add GPIO driver
* 40a863cd60 soc/mediatek/mt8189: Initialize watchdog
* 1380ed0cd2 soc/mediatek: Add support for MediaTek firmware support package
* 4f92943c89 soc/mediatek/common: Rename GPT_MHZ to TIMER_MHZ for readability
* 5a73692e0c soc/mediatek/mt8196: Add SPM loader
* 306660c2de util/crossgcc: Update CMake from 3.30.2 to 3.31.3
* f3adc74e44 mb/google/fatcat: Keep GSPIx interface default PCI
* 809e704101 soc/intel/pantherlake: Rename GSPI2 to GSPI0A
* 222ef676f9 soc/intel/pantherlake: Add ACPI name for GSPI2
* 1fda7027c0 util/crossgcc: Update ACPICA from 20230628 to 20241212
* e35175bb38 Update vboot submodule to upstream main
* 9eb4c5aff8 util/ifdtool: Fix memory leaks
* 87ae3573b5 mb/starlabs/starlite_adl: Configure GPIO interrupt for Virtual Button
* eaf87422b1 ec/starlabs/merlin: Add Intel Virtual Button Driver for Tablet Mode
* a1532790b9 docs: Add 24.12 release notes
* 8c0df740c7 mb/google/nissa/var/gothrax: Add probe and GPIO config for HDMI and touchpanel
* f6fcff5511 docs/security/vboot: Update supported boards
* 0dba17da0c mb/google/brya/uldrenite: Add WWAN RW350R-GL power on sequence
* 2c4af7cd29 mb/topton/adl: Enable TPM2 (Intel fTPM/PTT)
* c11558d4c7 mb/asus/p8z77-m: Drop GPIO by I/O
* 4f1a1adef6 mb/topton/adl: Disable mapped SATA port
* 81cbe11361 mb/asus/p8z77-m: Revert SIO IRQ settings carried from OEM
* 9578c67c77 mb/google/brox: Include CSE reset in mainboard reset expectation
* 5af5e66686 util/cbfstool: eliminate late sign of life event
* 0797c40d52 src/soc/intel/cmn/blk/cse: Log cse sync information
* 9a15a1ed21 soc/intel: Log CSE Sync Early Sign of Life event from a better place
* c812c78618 mb/trulo/var/uldrenite: Support USB_OC on the A0 port
* ee1a766f05 mb/trulo/var/uldrenite: Set GPP_B5 and B6 to ISH function
* 87c9d93a62 mb/google/skywalker: Add MediaTek MT8189 reference board
* 6bd51ce42a soc/mediatek/mt8189: Add a stub implementation of MT8189 SoC
* ea646c0514 mb/google/rauru: Add pwrsel init in romstage
* c3265da005 soc/mediatek/mt8196: Add pwrsel driver
* 30d8e1880a ec/google/chromeec: Publish LPC GMR address range via CREC _CRS
* bb85775d92 soc/intel/cmn/acpi: Add ACPI method to get LGMR address
* 84347d0b45 payloads/Linuxboot: Fix u-root build
* 7bcec7a2ef payloads/LinuxBoot: Build x86_64 with host toolchain
* e3150e819d util/crossgcc: Add libstdcxx target
* 61385c4976 soc/mediatek/common: Move SPM_SYSTEM_BASE_OFFSET to soc folders
* 6625dee027 soc/mediatek/common: Use array to represent spm_sw_rsv registers
* cd8d6861f6 soc/mediatek/common: Move some functions to spm_v1.c
* 91fe658714 drivers/option: Add forms in cbtables
* 4d4776f320 mb/emulation/qemu-sbsa: Configure flash region for MMU
* dfef1895f2 mainboard: Add MiTAC Computing Whitestone-2 (LGA-4677)
* caf8f9f60f mb/google/brya/var/uldrenite: Enable PMC, HECI and SRAM devices
* b668c756bf mb/trulo/var/uldrenite: Configure audio (max9360a, rt5682)
* 941f994809 mb/trulo/var/uldrenite: Configure Network
* 600e7810fb mb/trulo/var/uldrenite: Configure USB ports and mapping
* 0261cbe8e9 mb/trulo/var/uldrenite: Configure serial_io and I2C
* 113205bcd1 mb/trulo/var/uldrenite: Enable eMMC and DLL tuning parameters
* 0dd227f9c1 mb/trulo/var/uldrenite: Enable DPTF, S0ix and configure FIVR setting
* 0ce153c8df mb/google/nissa/var/rull: For probe, change unprovisioned to unknown
* b57308f437 mb/google/rauru: Add SD card configurations
* e969a3df87 soc/mediatek/mt8196: Add SD card configurations
* 8be835ce3c soc/mediatek/mt8196: Add tracker driver
* 78560f9958 soc/mediatek/mt8196: Add MMinfra driver support
* 0b252ef8b4 util/mtkheader: Add GFH header for mt8189 bootblock code
* 540eb5ba73 cpu/qemu: Enable IDT_IN_EVERY_STAGE
* f9d6fd4e0f soc/intel/xeon_sp: Enable IDT_IN_EVERY_STAGE
* c3dee9eaba cpu/intel/car/romstage: Fix false-positive stack corruption
* b659fb5cea mb/ocp/tiogapass: Wait for BMC
* 7c0556244d drivers/wifi: Update Drive Strength BRI Rsp Table revision
* 70bdd2e1fa cpu/x86/topology: Simplify CPU topology initialization
* 3a2ffba231 soc/intel/xeon_sp: Introduce early_pch_init
* 48ed4b0f85 soc/intel/xeon_sp/lbg: Add support to hide HDA
* a857c81122 arch/x86: Disable DEBUG_STACK_OVERFLOW_BREAKPOINTS_IN_ALL_STAGES
* 45dabe846d mb/google/brox: Apply ISH_FW_VERSION in Kconfig
* e0b1a0dbec vc/intel/fsp/mtl: Update MTL fsp header files from 3471_91 to 4122_21
* c20fd2fc3f 3rdparty/fsp: Update submodule to upstream master
* e5b5fc345a soc/intel/xeon_sp: Improve PCI INTx IRQ routing for Gen6
* 673075f102 util/cbfstool: Add eventLog support for ELOG_TYPE_FW_CSE_SYNC
* 3235b7c6d5 commonlib: Add ELOG_TYPE_FW_CSE_SYNC eventLog type
* 4a0c49e671 soc/intel/pantherlake: Keep image clock configuration enable
* 51cc2bacb6 soc/intel/pantherlake: Disable stack overflow debug options
* eeb6f67eec Docs: Convert bare URLs into hyperlinks
* 2609519704 mb/google/rauru: Implement regulator interface
* 8c6426c1b4 soc/mediatek/mt8196: Add PMIC MT6373 driver
* bda5b83661 mb/google/brya/var/uldrenite: update gpio settings
* afb11d05b9 mb/google/trulo/var/uldrenite: Add memory config
* 46df9e1d38 mb/google/brya/var/marasov: Enable GPP_F9 GPIO for early panel power-on
* 04d33b90ec mb/google/fatcat: config GPP_F23 as ISH gpio pin
* 16ab83b34a soc/mediatek/mt8196: Initialize SSPM
* b793209b80 mb/google/brox/var/jubilant: Disable Tccold Handshake
* 2f1e67bbc7 mb/google/nissa/var/glassway: Modify touch screen ILIT2901 sequence
* a1c50f233d soc/mediatek/mt8196: Add PMIC MT6363 ADC driver
* 8910b6ba7d soc/mediatek/mt8196: Add PMIC MT6363 driver
* c215889442 soc/mediatek/mt8196: Add PMIF and PMIC driver support
* 27fa0595de soc/mediatek/mt8196: Add mtcmos init support
* 61a00269a2 mb/amb/birman*/gpio: remove configuration for VDD_MEM_VID[0,1]
* 38b59164ca ec/google/chromeec: Define ACPI_NOTIFY_CROS_EC_MKBP constant
* 50c9747d87 drivers/usb/intel_bluetooth: Add GBTR Method
* 0bb4a220a8 soc/intel/common/cnvi: Fix GBTE path in comment
* d33244c3af drivers/usb/intel_bluetooth: Relocate BTRK to \_SB.PCI0
* 04b9627e07 drivers/usb/intel_bluetooth: Fix GBTE to return Local0
* c3f9dd3af3 drivers/usb/intel_bluetooth: Change the Power Resource to S0
* 1cf8d84f3b mb/google/nissa/var/rull: Add 6W and 15W DPTF parameters
* 62a9d670bf mb/google/brya/var/uldrenite: Add HDA verb tables
* 56278eeed8 mb/google/rex/var/kanix: Enable/Disable PCIE WLAN based on fw_config
* 6d3346068b intel/common/block: Program the right power_limits_config entry
* 35bf4bc59c commonlib: Add generic word-at-a-time optimization to ipchksum()
* e987ba45d6 soc/mediatek/mt8196: Add booker driver
* aa3cfd5c69 haswell NRI: Post-process selected timings
* 4a4ad2b1e6 haswell NRI: Initialise MPLL
* 41c2e1685e soc/intel/xeon_sp: Add PCU PCI drivers
* 8721757aca soc/intel/xeon_sp/skx: Configure IOAPICs
* e9c546b153 arch/x86: Rename breakpoint removal function
* 0351872731 arch/x86: Add breakpoint to stack canary
* 572da7c524 acpi/acpigen: generate Create*Field() from name string directly
* 2e9aebf63f mb/google/fatcat: Enable Intel DPTF support and configure policies
* a8ff286185 mb/google/fatcat: Enable Bayhub Level 2 errata
* 230e646d98 mb/google/fatcat: Remove redundant GPIOs for x1 slot
* fbacae625a soc/intel/ptl: Enable UFS functionality by adding IRQ programming
* b67e001a85 soc/intel/pantherlake: Fix UFS ACPI _ADR calculation
* 2496943b5c mb/google/brox/var/jubilant: Set PCIe root port 5 speed to Gen2
* dfdb210e26 soc/intel/common/block: Fixup itss_get_on_chip_dev_pirq
* 223dabef56 soc/intel/common/block: Add const qualifier for input of pirq ops
* afc49fa013 soc/intel/xeon_sp: Remove lpc_lockdown_config
* 1a4ab38035 soc/mediatek/mt8196: Rename SCP to SPM base variables
* 3189afbdee soc/intel/common: Drop locking function fast_spi_set_vcl
* 01bf34cb28 soc/intel/xeon_sp: Support _PRT reporting for domain
* 1399dd8086 soc/intel/xeon_sp: Skip not pre-routed devices in _PRT reporting
* a5362f6d73 soc/mediatek/mt8196: Enable ARM Trusted Firmware integration
* 42a696090f Update arm-trusted-firmware submodule to upstream master
* 861413b295 mb/google/nissa/var/riven: Set PCIe root port 4 speed to Gen2
* d5a11293ff soc/intel/alderlake: Add support for PCIe speed setting
* 5b447d00f5 soc/intel/pantherlake: Fix UFS ACPI inclusion in southbridge.asl
* 1c51c3e57f device/pci_ids: Add Pantherlake-H GT2 (DID2)
* 15109603c6 mainboard/ocp/tiogapass: Enable TPM
* 94d200c394 soc/intel/xeon_sp/cpx: Add missing FADT fields
* 534585d7bd soc/intel/xeon_sp/skx: Drop ACPI_FADT_8042
* 98ca450a53 soc/intel/xeon_sp: Use generate_p_state_entries
* 28c03b501e mb/ocp/tiogapass: Implement mainboard_dimm_slot_exists
* 74ee80d207 soc/intel/xeon_sp/cpx: Fix register lock
* e1a0e6b738 soc/intel/xeon_sp/skx: Fix CPU init
* b04ecb2a5f arch/x86: Enable support for IOAPIC devices
* a7437ca340 soc/intel/common/block/cse: allow CSE telemetry on non-lite CSE SKU
* 0d284bfc36 soc/intel/mtl/acpi/gpio.asl: fix missing gpio.h include
* aeb5ccd129 ec/dasharo/ec: add Dasharo features
* 820c7e06d2 soc/mediatek/mt8196: Set DRAMC_PARAM_HEADER_VERSION to 4
* d8104af174 mb/google/rex/var/kanix: Disable FP_MCU based on fw_config
* 075a13b775 mb/google/fatcat: Update Soundwire codec address based on devicetree
* 2411942a05 drivers/soundwire/alc711: Add common Kconfig for ALC7xx soundwire codecs
* 534f81d165 mb/google/fatcat: Update flash layout
* 1b175a64e3 soc/intel/ptl: Populate SMBIOS Type 4 with unique serial number
* 4b574281f0 soc/intel/cmn/pmc: Retrieve SoC QDF information via PMC IPC
* 4ce5304879 soc/intel/xeon_sp: Advertise DIMMs on skylake_sp as well
* 5613f0e6be soc/intel/xeon_sp: Fix debug print
* 0d827a5810 soc/intel/xeon_sp: Drop SOC_INTEL_MMAPVTD_ONLY_FOR_DPR
* d3aa108acf drivers/ipmi/ocp: Add missing include
* 37e9c22089 libpayload: configs: Add new config.featuretest to broaden CI
* bcced7caea commonlib/device_tree: Make END token part of struct_size
* 8ad1ee9b0a util/intelp2m: Print the current project version
* 1b9c312273 intelp2m/patform/sunrise: Add unit tests
* 2394795279 intelp2m/patform/lewisburg: Add unit tests
* bce3363412 intelp2m/patform/apollolake: Add unit tests
* 6abf66c8f3 util/intelp2m/parser/template: Add unit test
* 6b43e4ba33 MAINTAINERS: Add Yuchi and Vasiliy for Intel Atom Snow Ridge SoC
* 5cedebf874 soc/intel/xeon_xp: Remove 1 bytes losing in lower DRAM
* cd30d94ae5 mb/google/brya/var/uldrenite: Generate RAM ID and SPD file
* cda1e7e553 mb/google/nissa: Create pujjogatwin variant
* c0ccace4d5 .checkpatch.conf: Set max line length to 96
* 6f2a8ee8cc soc/mediatek/mt8196: Require DRAM blob to exist
* 850cf7d07a Update blobs submodule to upstream main
* 75424efdc4 soc/amd/common/psp/psp_def.h: increase P2C_BUFFER_MAXSIZE
* 179945291c soc/amd/common/psp/rpmc: fix printk format string
* 9b308f4d54 soc/amd/common/psp/psp_smi: report errors in 'handle_psp_command'
* 5613f209c7 soc/amd/common/psp_smi_flash: implement SPI flash RPMC command handling
* b1f954bc6c soc/amd/common/block/psp/psp_smi_flash.h: fix struct element types
* ce01117aa5 drivers/spi: add RPMC support
* 78270ef3f1 Documentation/tutorial/managing_local_additions.md: Add symlink info
* 0a7c3ed514 soc/mediatek/mt8195: Fix SCP register address
* 4c8547704f mb/google/rauru: Add 2nd source TAS2563 amps to support beep
* ac83b48cba soc/mediatek/mt8196: Add audio base address definition
* c661933a24 soc/mediatek/common: Add read16/write16 support for PMIF
* c107755701 vc/intel/fsp: Update PTL FSP headers from 2382_01 to 2431.00
* a417acdfbc mb/google/fatcat: Remove unnecessary prototype
* d095f1ea45 soc/amd/glinda: Update MCA banks
* 8df4eefd44 soc/mediatek/mt8196: Reserve DRAM buffers for HW TX TRACKING
* 5c766bc150 mb/purism/librem_cnl: Add ramtop to cmos.layout for librem_mini
* 2007792b08 mb/purism/librem_l1um_v2/ramstage.c: Use DEV_PTR macro
* 7f54139a81 Docs/mb/starlabs/labtop_cml.md: Fix footnote syntax
Signed-off-by: Leah Rowe <leah@libreboot.org>
wip2
Signed-off-by: Leah Rowe <leah@libreboot.org>
we already check the python version, and set a variable
for it, so that we can reliably use python3, even if
python in PATH doesn't correspond to python3. for
example if a system has python as python2 and python3
as python3
well, we use that when running deguard for example, but
various upstream projects that we use may need python,
and all of them use python3, not 2
so, re-use the python variable set up by lbmk, and
set it up in PATH accordingly. this now makes the note
about python3 obsolete, on docs/build.md in lbwww.git
Signed-off-by: Leah Rowe <leah@libreboot.org>
They may not actually always be binary blobs, at least not
software. I started referring to these as "vendor files" some
time ago, for this reason.
With this terminology, it applies properly to any sort of file
from the vendor. For example, it may be that in the future, we
start inserting the MFS section of an an Intel ME image, into
the Intel ME.
We already do that with deguard for example (set MFS config),
on MEv11 based setup. That is a vendor *file*, and though it
may still actually be a binary blob, it's not software, but
configuration.
The term "blob" normally means compiled software, in most people's
minds, but the term blob is technically accurate for any blob,
not just software; however, we have to keep people's perception
in mind.
Whereas, "vendor file" is also understood by most people to
include code supplied by the vendor.
We haven't done any releases yet with this ROM image file name
prefix, so it's perfectly OK to handle it now, without handling
the old one for backwards compatibility.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Users running setmac on an X200 tarball for example, will
now see it being modified, if they didn't specify
setmac keep, so they might think vendor files are being
inserted, which they are not.
Therefore, a confirmation is provided at the end of the output.
Signed-off-by: Leah Rowe <leah@libreboot.org>
./mk inject libreboot-YYYYMMDD_board.tar.xz setmac restore
This does the same thing as a normal setmac command, except
that it does not alter the MAC address; it is also not the
same as "keep", which skips *writing* the GbE region in-ROM.
The *restore* argument writes the default, unmodified GbE file
kept by lbmk, unmodified because nvmutil is skipped when the
user specifies this argument.
This option is useful for debugging purposes, because it can
be used to verify whether anything else is being wrongly
modified by the script; the "nuke" command can be executed
afterward, and the hash file inspected versus release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
MAC addresses are generic, inside Libreboot images where
an Intel GbE region is specified.
We commonly get users flashing multiple systems for their
own use, and sometimes they complain that they networking
broke, because they don't know that the MAC address is
identical on each machine.
This still doesn't work around the case where the same machine
is used, e.g. multiple T440p thinkpads, but if they have one
of each model, it can work nicely, because we do in fact
change it for various platforms.
This change will also reduce the number of people at conferences
in the future, where there are multiple Libreboot users, having
MAC address conflicts.
Changing the MAC address is a good practise, so we enforce good
practise. The user can still retain the old behaviour by
using this command:
./mk inject libreboot-YYYYMMDD_boardname.tar.xz setmac keep
The "keep" argument clears new_mac, which will then skip
changing the MAC address. They can also still set an arbitrary
MAC address as an argument for setmac, e.g.:
./mk inject libreboot-YYYYMMDD_boardname.tar.xz setmac 00:de:ad:c0:ff:ee
This change will be covered in the documentation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if the user ran this on an x60 tarball, the no-gbe
warning seems confusing since that one has intel gbe,
but pre-ifd, so no gbe region in the flash; on pre-ifd
systems e.g. ich7 southbridge, the mac address was baked
into a separate gbe nvm on mask rom, inaccessible to users
Signed-off-by: Leah Rowe <leah@libreboot.org>
We already have code to handle this, but it's possible
that I might break it in the future, due to the complex
logic of this script.
So, I've implemented this catch-all check at the end of
the process. It still relies on the actual setting of
the variables, upon which this check is based, to be set
correctly.
This condition will most certainly never be met, unless
I break some other part of the code in the future. That
is precisely what this overly pedantic check is for.
Example scenarios:
I forget to set xchanged=y, on a new modification.
I set has_hashes erroneously.
The variables are re-used between runs, and not properly
reset; at present, a given run of ./mk inject only
operates on a single target, but this latter fact could
change in the future.
need_files is set erroneously; vendorfiles detected as
being required, when they aren't.
These are just a few examples. As such, this is a preventative
bug fix, because it's preventing a bug.
The main reason I want this i n here is because I need to ensure
that vendor files are properly deleted, for a given release.
If I accidentally includes ones that I'm not supposed to,
inside ROM images, that could be a big problem.
Signed-off-by: Leah Rowe <leah@libreboot.org>
where the nuke command is used, we need the files to be
there; if they're not, it will try to nuke them, which will result
in an error in most cases, but there may be some cases where that
isn't true, for instance if only the Intel ME is needed; it'll be
writing zeroes over zeroes.
we want to only allow technically correct behaviour, because
technically correct is the best kind of correct.
it is theoretically possible that a double-nuke might affect
certain behaviours unpredictably. for example, if vendor.sh
later integrates another tool that works whereby the same command
inserts or nukes depending on a certain condition, but with the
same command, and where that command would return zero in both
cases.
this is a preventative bug fix, because it fixes an issue that
does not yet actually occur in practise.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the user must be well-informed as to the next step, which
this script directly influences
guide the user accordingly
Signed-off-by: Leah Rowe <leah@libreboot.org>
The message at the end that states a file was
not modified, is not currently printed when vendor
files are not needed, and setmac is not used.
This patch fixes that, so the user now sees a
confirmation of such change, or lack thereof.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is because the user may have specified setmac.
I tried without this change, on a fresh lbmk, setting
the MAC address on an X200 tarball, and it produced an
error that ifdtool was unavailable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Observe the following prior patch:
commit 818f3d630c
Author: Leah Rowe <leah@libreboot.org>
Date: Fri Jan 3 17:06:14 2025 +0000
vendor.sh: Don't error if vcfg is unset
Now:
This patch made vendor inject more robust, and speeds
up the processing of images where no vendor files are
needed, but it broke setmac on such tar archives.
This new patch works around it. For example, I was
able to run ./mk inject on an X200 tarball to change
the MAC address; no vendorfiles are inserted, because
it's not needed.
The further check for whether a board uses Intel GbE
still protects against accidental modification.
Signed-off-by: Leah Rowe <leah@libreboot.org>
probably not actually needed, but it annoys me that it doesn't
come installed by default, and it's needed for certain git
operations
Signed-off-by: Leah Rowe <leah@libreboot.org>
It should return 1 instead, in readcfg(), because this
is not an error condition; vcfg not being set means
that the board doesn't use vendor files, which is
perfectly normal and should not yield an error.
This fixes a build error under certain conditions,
found during release-build testing.
This bug was exposed when I fixed double quoting issues
as per shellcheck tests.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it should fix more build errors that might have appeared
in the aforementioned revision, mentioned in the previous
commit message
Signed-off-by: Leah Rowe <leah@libreboot.org>
the bug was actually caused by chkvars
add an escape for the quotes and bam. fixed.
without this, i got the following e.g.
For command: ./mk dependencies debian
Output:
./mk: 1: [: apt-get: unexpected operator
ERROR ./mk: pkg_add unset
Someone reported a similar issue with the Arch one,
which is also now fixed. This regression was caused
by the previous commit:
commit 0cf58c2273
Author: Leah Rowe <leah@libreboot.org>
Date: Thu Jan 2 23:52:45 2025 +0000
fix lbmk shellcheck errors
I forgot to escape the double quotes in an eval.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This check is a good idea, but not viable here,
because the modules naturally aren't set in all
circumstances, so it just causes a build error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the gnu.org mirror is always slow for some reason, but only
for gnulib. it may only be for me, because routing in other
countries/networks may differ.
when i'm freshly cloning lbmk modules, gnulib is always really
slow, like 300KB/s (bytes, not bits)
i have 1gbps internet and wish to not have 2005-era speeds,
thank you kindly!
Signed-off-by: Leah Rowe <leah@libreboot.org>
Mention Riku's copyright in the COPYING file, and update
my years in that file. Add Riku to the AUTHORS file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The user might wish to uninstall, but not remove the
build that they just did.
The user can still do make clean if they wish.
Signed-off-by: Leah Rowe <leah@libreboot.org>
DESTDIR is the root directory where it goes, which
is normally an empty string; PREFIX is where the
bin directory is located, relative to DESTDIR
Default to /usr/local for PREFIX, not /usr, because
/usr/bin is for system utilities.
nvmutil is a local utility.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't want to clobber anything that the user set themselves.
Instead, we should respect the user's choice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This makes the code easier to understand.
All 2-byte words, stored in little endian order within
the 128-byte GbE NVM area, must add up to 0xBABA.
If it doesn't, then software is supposed to reject that
GbE config. The nvmutil software works on that basis.
Signed-off-by: Leah Rowe <leah@libreboot.org>
make it look like hexdump -C, where individual bytes are
spaced, and there is an additional space after 8 bytes,
per row.
i won't bother with a character display, since that is
meaningless on gbe nvm words.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i also removed that printf, because the path it prints is
actually wrong sometimes; in the recent re-write of vendor.sh,
it prints the correct path instead
Signed-off-by: Leah Rowe <leah@libreboot.org>
There was also a condition in run_make_command that is now
an OR, where it was an AND, on script/trees, to fix the use
of mixed (and erroneous) OR/AND operators.
I'm planning a much more invasive audit than this. These are
light fixes, intended for Libreboot 20241206 rev8.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't extract to bin/release/
Modify the tarball instead. Previously, the tarball would
not be modified, but a lot of users thought the tarball was
being modified and ignored bin/release/, where the injected
images were actually being saved to.
Don't copy the tarball either. Just modify it in-place.
Don't allow single-rom injection either; only allow the
tarball-based method.
The command syntax has changed, but:
./mk inject tarball.tar.xz
This is the same. What has changed is nuke, and MAC address
modification. Observe:
./mk inject tarball.tar.xz nuke
./mk inject tarball.tar.xz setmac
./mk inject tarball.tar.xz setmac ??:??:??:??:??:??
./mk inject tarball.tar.xz setmac 00:1f:16:??:22:aa
These are just a few examples. The MAC address syntax is
the same as used for nvmutil, which means you can set it
randomly. Also:
./mk inject tarball.tar.xz setmac
You can use the *setmac* command *repeatedly*, even if
you've already injected a given archive. It'll just
update the archive, but skip injecting other files
that were already injected.
If you use setmac without a MAC address, it will randomise
the MAC address. This is therefore very similar to the
command structure used in nvmutil.
The code for injection is generally more robust, with
stronger error checks. This design change was done, so
that the user doesn't accidentally brick their machine.
The non-injected images have a prefix in the file name
saying "DO_NOT_FLASH", and those non-injected images are
padded by 1 byte. That way, the user knows not to flash it
and if they try, flashprog will throw an error.
The prefix and padding is removed on injection. Old images
without the padding/prefix can still be injected, via
tarballs; this new code is backwards-compatible with tarballs
from older Libreboot releases.
A common thing I see sometimes is a user will say they have
a black screen or something, and I say: did you insert vendor
files? And they say yes. And they did. But they extracted and
flashed from the tarball, which wasn't injected, because
they didn't release about bin/release/
No amount of RTFM is justified. The previous design flaw
is a bug. We must always observe user safety first, no matter
what, so that has now been done.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Must not exceed 79 lines. Some variables and functions have
been renamed, and there has been some minor re-factoring.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I don't like using SPDX for actual copyright declarations.
I only want it to be used for the license identifier.
Also:
I made a *single* change to nvmutil.c in 2024, which means
that I have copyright in all years since and including 2022;
the file said 2022, 2023, 2025, but it's actually 2022-2025.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I believed that the compressed nature of refcode was the only
non-reproducible thing, but turns out you also need to run
rmodtool on the refcode to make the binary relocatable in
cbfs. This is based on my reading of the coreboot Makefile.
With this change, I can now provide release binaries for
the HP EliteBook 820 G2.
Signed-off-by: Leah Rowe <leah@libreboot.org>
dnf reinstall package
or
dnf install package
for reinstall, do this:
./mk dependencies fedora41 re
this is an example command
the 4th argument prefixes "install" in dnf install
a bit hacky but it should work
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in a *single* change from SeaBIOS, because there
has only been one change in the main branch, and it's a bug fix.
The change from upstream is as follows:
commit 1602647f1be24fe63d11138d802e735c8e674e63
Author: Daniel Khodabakhsh <d.khodabakhsh@gmail.com>
Date: Thu Nov 7 18:46:16 2024 -0800
boot: Force display of the boot menu when boot-menu-wait is a negative number
Signed-off-by: Leah Rowe <leah@libreboot.org>
Although this is for a stable release revision, namely
Libreboot 20241206 revision 8, I've carefully audited the
upstream changes and they all seem fine.
Several important bug fixes have been imported with this change.
Most interestly, GRUB has also added support for TPM2 Key
Protectors; we don't use this feature yet, and probably won't
for the time being, since TPM is largely security threatre for
our purposes anyway. There's no harm including all upstream
revisions, up to those ones, since those modules are not yet
added in lbmk.
Most notably, there are several file system fixes, and minor fixes
to the graphics terminal of GRUB. Minor fixes only, in terms of
what Libreboot actually uses at present.
The full list of imported changes are as follows, relative to the
previous GRUB revision, which was b53ec06a1 from 17 June 2024:
* 6811f6f09 tpm2_key_protector: Enable build for powerpc_ieee1275
* ff14b89bd ieee1275/tcg2: Add TCG2 driver for ieee1275 PowerPC firmware
* 72092a864 ieee1275/tcg2: Refactor grub_ieee1275_tpm_init()
* 8c0b5f200 ieee1275/ibmvpm: Move TPM initialization functions to own file
* 7344b3c7c ieee1275: Consolidate repeated definitions of IEEE1275_IHANDLE_INVALID
* 29d1bd2a9 term/ieee1275/serial: Cast 0 to proper type
* 99ee68a01 tss2: Adjust bit fields for big endian targets
* 3770a6905 docs: Document TPM2 key protector
* f898440cc tests: Add tpm2_key_protector_test
* 76a2bcb99 tpm2_key_protector: Add grub-emu support
* 135e0bc88 diskfilter: Look up cryptodisk devices first
* b35480b48 cryptodisk: Wipe out the cached keys from protectors
* 6abf8af3c cryptodisk: Fallback to passphrase
* fba3a474e tpm2_key_protector: Implement NV index
* 550ada7d6 tpm2_key_protector: Support authorized policy
* 5f6a2fd51 util/grub-protect: Add new tool
* ad0c52784 cryptodisk: Support key protectors
* 48e230c31 key_protector: Add TPM2 Key Protector
* 35c9904df tss2: Add TPM2 Software Stack (TSS2) support
* 63a78f4b4 tss2: Add TPM2 types and Marshal/Unmarshal functions
* 2ad159d9b tss2: Add TPM2 buffer handling functions
* 5d260302d key_protector: Add key protectors framework
* 3d60732f9 libtasn1: Add the documentation
* 99cda6788 asn1_test: Test module for libtasn1
* 504058e82 libtasn1: Compile into asn1 module
* 8a0fedef2 asn1_test: Enable the testcase only when GRUB_LONG_MAX is larger than GRUB_INT_MAX
* 66cf4cb14 asn1_test: Use the grub-specific functions and types
* 0d0913fc6 asn1_test: Print the error messages with grub_printf()
* 2e93a8e4b asn1_test: Remove "verbose" and the unnecessary printf()
* b7568e335 asn1_test: Return either 0 or 1 to reflect the results
* d60a04bae asn1_test: Rename the main functions to the test names
* 54e0e19a2 asn1_test: Include asn1_test.h only
* 0ad1d4ba8 libtasn1: Fix the potential buffer overrun
* 4160ca983 libtasn1: Use grub_divmod64() for division
* 8f56e5e5c libtasn1: Adjust the header paths in libtasn1.h
* d86df91cb libtasn1: Replace strcat() with _asn1_str_cat()
* 32fdfe600 libtasn1: Replace strcat() with strcpy() in _asn1_str_cat()
* fa498af7b libtasn1: Disable code not needed in GRUB
* 9a26abbc3 libtasn1: Import libtasn1-4.19.0
* c85c2b9f5 posix_wrap: Tweaks in preparation for libtasn1
* 4f6c46091 kern/fs: Honour file->read_hook() in grub_fs_blocklist_read()
* 792132c72 docs: Fix incorrect and potentially confusing language and minor formatting
* 1763d83f5 docs: Correct GRUB config file name for network boot
* 097fd9d9a docs: Correct chainloader UEFI secure boot info
* f48e6af11 docs: Correct PXE environment variables descriptions
* dd743ba42 loader/multiboot: Do not add modules before successful download
* 9a9082b50 grub-mkimage: Add SBAT metadata into ELF note for PowerPC targets
* f97d4618a grub-mkimage: Create new ELF note for SBAT
* f26b39860 commands/legacycfg: Avoid closing file twice
* 337cb2486 nx: Rename GRUB_DL_ALIGN to DL_ALIGN
* 31de991de kern/acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
* f5bb766e6 nx: Set the NX compatible flag for the GRUB EFI images
* 94649c026 nx: Set page permissions for loaded modules
* 09ca66673 nx: Add memory attribute get/set API
* 9fb80dd57 modules: Load module sections at page-aligned addresses
* 6e2fe134e modules: Don't allocate space for non-allocable sections
* 2b79d550f modules: Strip .llvm_addrsig sections and similar
* 246c82cda modules: Make .module_license read-only
* 616adeb80 i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global
* 95a7bfef5 i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT
* 1b1061409 i386/msr: Extract and improve MSR support detection code
* 929fafdf5 i386/msr: Rename grub_msr_read() and grub_msr_write()
* d96cfd7bf i386/msr: Merge rdmsr.h and wrmsr.h into msr.h
* 86ec48882 commands/tpm: Skip loopback image measurement
* 3808b1a9b net/drivers/efi/efinet: Skip virtual VLAN devices during card enumeration
* e5f047be0 efi/console: Properly clear leftover artifacts from the screen
* c5ae124e1 kern/riscv/efi/init: Use time register in grub_efi_get_time_ms()
* 9c34d56c2 loader/efi/linux: Reset freed pointer
* 92bed41bf loader/efi/linux: Reuse len variable
* 33cb8aecd lib/x86_64/relocator_asm: Use .quad instead of .long
* 77cd623de lib/x86_64/relocator_asm: Fix comment in code
* 95145eea5 loader/efi/linux: Update comment
* d333e8bb3 util/grub-mkimagexx: Explicitly move modules to __bss_start for MIPS targets
* 34b7f3721 include/grub/offsets.h: Set mod_align to 4 on MIPS
* ed0651673 gentpl: Put boot/mips/startup_raw.S into beginning of the image
* 648f2d16c configure: Add -mno-gpopt option for mips and mipsel targets
* f0710d2d8 lib/xzembed/xz_dec_bcj: Silence warning when no BCJ is available
* e61157bbd fs/erofs: Replace 64-bit modulo with bitwise operations
* 5313fa839 configure: Look for .otf fonts
* 33b94f2a9 loader/efi/chainloader: Do not print device path of chainloaded file
* ab1e6fc04 docs: Document all GRUB modules
* 9537f4403 commands/bli: Fix crash in get_part_uuid()
Signed-off-by: Leah Rowe <leah@libreboot.org>
The T480 has no option table, because it lacks nvram, so the
default option applies, which seems to be power on after power
failure. This is undesirable on a laptop.
It's triggered simply when your laptop battery runs out, and
once triggered, it couldn't be configured at all.
Hard-code this. The documentation will be updated later on
after this patch is pushed, telling those users who want
to change this behaviour how to modify/remove the patch,
if they wish to to do so, because some people may actually
want to run a server on the OptiPlex 3050 Micro (or if they're
crazy like I am, they will host libreboot.org on a ThinkPad).
Signed-off-by: Leah Rowe <leah@libreboot.org>
We haven't seen any build errors, but it seems flashprog
sets -Werror on CFLAGS. If you provide WARNERROR=no as
a make argument, it avoids -Werror entirely.
This is a preventative fix, for over-zealous compilers.
Signed-off-by: Leah Rowe <leah@libreboot.org>
In Debian dependencies files. These are available in
Debian Stable, but liblz4-tool is a transitional
package referring to lz4; liblz4-tool transition
package is unavailable in Debian sid, so remove it
from the dependencies files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
./mk dependencies debian --reinstall
Add --reinstall and it'll do:
apt-get install --reinstall
This can be useful when updating from a stable release
to a testing release. The variable, "reinstall" can be
configured for other distros, but it's currently only
configured for Debian-based distros.
Also, it can be anything. For example, you could add -y;
however, a 4th argument will not be accepted. For example,
you cannot do:
./mk dependencies debian --reinstall -y
If you do this, it'll only see --reinstall; similarly, if
you did this command:
./mk dependencies debian -y --reinstall
then -y would be passed, but not --reinstall. This is an
intentional design decision, in case you accidentally pasted
or subshelled something that outputted something undesirable,
to prevent possible abuse.
Signed-off-by: Leah Rowe <leah@libreboot.org>
When doing ./mk release, the build system would create
symlinks inside xbmkpath/ relative to the current work tree,
which will differ from what's in PATH.
Since XBMK_CACHE is already set globally, from the main work
tree and the release-build work tree, that means we can know
reliably that PATH is always correct if we put xbmkpath/
inside XBMK_CACHE.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit 7813205146.
I'm doing changes for 20241206 rev8. It was a mistake to
remove these; they will be removed again, after rev8.
The documentation standardised on ./mk a while ago now, and
it's almost time to remove these commands. However, anyone
using the old commands ought to be able to, up to and including
any revision of the Libreboot 20241206 release.
It is my intention that these legacy commands finally be
removed for the next testing release, as part of a much wider
build system audit that I'm doing between now and then.
(Libreboot Build System Audit 7 is underway, and several of
these early audit7 changes are going on 20241206 rev8; after
that, I will create a branch named 20241206_branch off of rev8,
and anything in master from then on will contain much wilder
changes, with more conservative changes in 20241206_branch)
Signed-off-by: Leah Rowe <leah@libreboot.org>
Tested on Debian Sid, as of 30 December 2024, which uses
Swig 4.3.0. Context here:
commit a63456b9191fae2fe49f4b121e025792022e3950
Author: Markus Volk <f_l_k@t-online.de>
Date: Wed Oct 30 06:07:16 2024 +0100
scripts/dtc/pylibfdt/libfdt.i_shipped: Use SWIG_AppendOutput
This patch from U-Boot upstream has been backported to the
release revision used by Libreboot. Swig has, since 4.3.0,
changed the language-specific AppendOutput functions, but
the helper macro SWIG_AppendOutput is identical; therefore,
upstream switched to this function.
The benefit of this fix is that since the newly used macro
is also the same on older Swig versions, and behaves the same,
this shouldn't fix building on older Swig versions. For reference,
the initial Libreboot 20241206 release, and revisions of it before
revision 8, was built on Debian 12 which uses Swig 4.1.0.
The rev8 release will still be compiled on Debian 12, but with
this change, it should also compile on Debian Sid, and bleeding
edge distros like Arch Linux.
Signed-off-by: Leah Rowe <leah@libreboot.org>
In general, we don't want to mess with the hostcc, unless
we have to. To avoid other breakage, clear what we did
after crossgcc has compiled.
This is a follow-up to the previous patches, matching gcc
to gnat versions and vice versa, when compiling crossgcc.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i intend for this function to work generically,
matching gnat to gcc or gcc to gnat, but there was
a hangover from the previous code where it specifically
assumed we were matching gnat
this bug manifested when i tested with gnat being v13
and gcc being v14 in path, where gcc-13 was also
available in path.
Signed-off-by: Leah Rowe <leah@libreboot.org>
on debian trixie/sid after updating from stable,
sometimes gcc 13 and gnat 13 are both available, but
gcc resolves to gcc-14 and gnat-14 isn't available.
even when gnat-14 and gcc-14 are available, gnat will
still either resolve to gnat-13, or nothing at all.
in cases where gnat-14 is unavailable, but gcc and gnat 13
are both available, we should match gcc to gnat.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Remove all symlinks each time, to ensure that no
stragglers are left behind, since they are being
re-generated each time anyway.
The code for determining version numbers has now
been unified under gnu_setver()
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were checking the shorthand version number, but
the precise version numbers need to match.
Also: when we searched $PATH/gnat-$gccver, we assumed
that the full version would then match, without checking
it, so now it is checked precisely.
Signed-off-by: Leah Rowe <leah@libreboot.org>
When doing e.g. $@ we should use double quotes to prevent globbing.
Thanks go to XRevan86 for pointing this out.
Signed-off-by: Leah Rowe <leah@libreboot.org>
because if it says yes to everything, and the package
manager would otherwise ask whether you want to give
it your first born son, you are therefore agreeing to it.
so remove -y for safety
Signed-off-by: Leah Rowe <leah@libreboot.org>
When I tested Debian Trixie, and Debian Sid, I saw that
GCC in PATH pointed to gcc-14, but gnat in path pointed
to GNAT-13, even if you manually install gnat-14.
GNAT 14 was marked experimental, but GCC 14 was marked
for use, in the apt repositories.
So this patch doesn't address the mismatch when doing e.g.
apt-get install gcc gnat
I will address the actual package dependency in a follow-up
patch, on the Debian dependencies config.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Hyperthreading is a risk factor for spectre/meltdown
and other attacks.
Disabling it is a best practise. Those who need it
can always turn this option back on. Otherwise, disabling
it by default is a simply courtesy to the average user,
in the interest of security.
Signed-off-by: Leah Rowe <leah@libreboot.org>
SeaBIOS was lagging a lot, on startup and when executing
almost any payload, especially when doing anything in the
ESC menu.
I set the debug level to *21*, and thoroughly analysed the
logs. I found entries such as this:
Checking for bootsplash
WARNING - Timeout at wait_reg8:81!
TCGBIOS: Return value from sending TPM2_CC_StirRandom = 0x00000000
WARNING - Timeout at wait_reg8:81!
TCGBIOS: Return value from sending TPM2_CC_GetRandom = 0x00000000
WARNING - Timeout at wait_reg8:81!
TCGBIOS: Return value from sending TPM2_CC_HierarchyChangeAuth = 0x00000000
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc16e
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc1c5
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc211
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc25d
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc2a9
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc2f5
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc341
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc38d
WARNING - Timeout at wait_reg8:81!
TCGBIOS: LASA = 0x7a9fc000, next entry = 0x7a9fc3d9
Searching bootorder for: HALT
Mapping hd drive 0x000f49e0 to 0
I'm not quite certain what the problem is, but disabling TPM2
made the problem go away; SeaBIOS is snappy again.
TPM is security threatre anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Previously serprog_rp2040, but we now also support
the RP2530 boards.
Therefore, serprog_pico is a nice generic name. The
directory on release archives will now be serprog_pico
instead of serprog_rp2040; it will contain serprog images
for both RP2040 and RP2530 devices.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this brings support for a new microcontroller platform rp2530.
total number of pico boards supported now: 97
TEST: built them all
Tested-by: Riku Viitanen <riku.viitanen@protonmail.com>
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
rp2040 and rp2530 platforms can't share a cmake build directory. we
could just delete the build directory after every compilation, but that
would be really wasteful (every tool would need to be recomiled every
time. instead create new build directories as new plaforms are found
and symlink them to the point where the build directory used to be.
to find out which platform we're compiling for, we crudely parse the
board headers file.
there surely would be better ways to do this, but this hack works
with all the boards in pico-sdk 2.1.0.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
change python3-distutils to python3-distutils-extra
the latter is still available in debian sid, but not
the former. however, installing this should still
provide the additional files required.
with this, the debian script is now compatible with
both debian sid and debian stable(bookworm, presently).
Signed-off-by: Leah Rowe <leah@libreboot.org>
set this variable in the tmpclone function. otherwise,
certain submodules might always download every time,
when handling multiple projects.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The Libreboot 20241206 release provided FSP pre-assembled
and inserted into the ROM images; the only file inserted
by vendor.sh was the Intel ME.
Direct distribution of an unmodified FSP image is permitted
by Intel, provided that the license notice is given among
other requirements. Due to how coreboot works, it must split
up the FSP into subcomponents, and adjust certain pointers
within the -M component (for raminit).
Such build-time modifications are perfectly fine in a coreboot
context, where it is expected that you are building from source.
The end result is simply what you use.
In a distribution such as Libreboot, where we provide pre-built
images, this becomes problematic. It's a technicality of the
license, and it seems that Intel themselves probably intended
for Libreboot to use the FSP this way anyway, since it is they
who seem to be the author of SplitFspBin.py, which is the
utility that coreboot uses for splitting up the FSP image.
Due to the technicality of the licensing, the FSP shall now
be scrubbed from releases, and re-inserted.
Coreboot was inserting the -S component with LZ4 compression,
which is bad news for ./mk inject beacuse the act of compression
is currently not reproducible. Therefore, coreboot has been
modified not to compress this section, and the inject command
doesn't compress it either. This means that the S file is using
about 180KB in flash, instead of about 140KB. This is totally OK.
The _fsp targets are retained, but set to release=n, because these
targets *still* don't scrub fsp.bin; if released, they would
include fsp files, so they've been set to release=n. These can
be used on older Libreboot release archives, for compatibility.
The new ROM images released for the affected machines are:
t480_vfsp_16mb
t480s_vfsp_16mb
dell3050micro_vfsp_16mb
Note the use of _vfsp instead of _fsp. These images are released,
unlike _fsp, and they lack fspm/fsps in the image. FSP S/M must
be inserted using ./mk inject.
This has been tested and confirmed to boot just fine.
The 20241206 images will be re-compiled and re-uploaded with this
and other recent changes, to make Libreboot 20241206 rev8.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We only use ./mk now.
./build still exists for now. This will be removed
in a future revision, when the trees script is removed
and merged with the main script.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use ./mk instead, because in a future change to lbmk,
only ./mk will be used and the other commands will
be removed.
with this change, the ./vendor, ./build and ./update
commands are no longer used. these commands still work,
for backwards compatibility, but they are deprecated.
Signed-off-by: Leah Rowe <leah@libreboot.org>
When vendor files were not needed on a given board,
the script would directly exit. This is bad, because
the inject functions are called directly from the main
script, which means the parent instance of lbmk.
This means that the lock file and temporary files were
not being removed on exit. On a subsequent run, this
would cause the error stating that a lock file is present,
which would cause further error, making the user believe
something is broken in lbmk.
Modify the behaviour accordingly; exits are now returns,
and these are handled in the calling functions, in such
a way that a proper exit occurs, whereby temporary files
and the lock file are deleted.
For context, please read the main "build" script where
it calls vendor_inject and vendor_download. At the end
of that script, it calls tmp_cleanup, which removes the
TMPDIR that was created, and the lock file. In lbmk,
the TMPDIR is not /tmp, but rather a subdirectory
under /tmp, so that further calls to mktemp create
everything under one single temporary directory, which
lbmk automatically removes on exit.
Therefore, this patch also avoids leaving temporary files
laying around on the disk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The appdir.patch file was used on the older deguard
version, prior to Mate Kukri's rewrite. This patch is
no longer required, and no longer used, so it can be
removed safely from lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The exit was dependent upon install_packages returning
zero status, which it always would in practise, due to
its design, but this exit must always be observed, so
the code has been modified to honour this design.
A direct exit violates lbmk's design in most instances,
where a temporary directory and lock file has already
been created; at this stage, no such act was performed,
so a direct exit is perfectly acceptable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we needed these for extracting intel vga roms from
lenovoo updates, for t480, very briefly. about an hour
after i pushed that patch, mate kukri fixed libgfxinit
and then i removed the vgarom integration because it
wasn't needed anymore.
however, i forgot to remove geteltorito/mtools from
dependencies. some distros like fedora were problematic
about it.
the best thing about bugs is when you don't have to fix them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in this setup, seabios is never the default payload, grub is,
but only if grub is enabled.
set this in target.cfg:
payload_grubsea="y"
if payload_grub isn't enabled, this is auto-set to n
ditto if initmode=normal
NOTE: if flashing libgfx setups, you should make sure
that you're not booting with a graphics card, only intel
graphics. this setting will intentionally not be documented,
because it's not recommended, but is being implemented for
testing purposes (and i implemented it for some guy who i
think is cool). i'll probably also use this myself, since
i already do grub-only setups on all my own machines.
seagrub is the default on x86 because of past instabilities
with grub. to mitigate in case of future issues, since seabios
is always stable, we reduce the chance of bricks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-12-18 07:15:18 +00:00
1118 changed files with 77199 additions and 34269 deletions
[supported motherboards](https://libreboot.org/docs/install/#which-systems-are-supported-by-libreboot). It replaces proprietary vendor BIOS/UEFI implementations, by
* Using coreboot to initialize the hardware (e.g. memory controller, CPU, etc.) while
minimizing unwanted functionality (e.g. backdoors such as the Intel Management Engine)
* ... which runs a payload such as SeaBIOS, GRUB, or U-Boot
* ... which loads your operating system's boot loader (BSD and Linux-based
[systems](systems) are supported).
Why use Libreboot?
==================
Why use Libreboot, and what is coreboot?
----------------------------------------
Why should you use *libreboot*?
----------------------------
A lot of users who use libre operating systems still use proprietary boot
firmware, which often contain backdoors and bugs, hampering
[user freedom](https://writefreesoftware.org) and
[right to repair](https://www.eff.org/issues/right-to-repair).
Libreboot gives you freedoms that you otherwise can't get with most other
boot firmware. It's extremely powerful and configurable for many use cases.
[coreboot](https://coreboot.org) provides libre boot firmware by initializing
the hardware then running a payload. However, coreboot is notoriously difficult
to configure and install for most non-technical users, requiring detailed
technical knowledge of hardware.
You have rights. The right to privacy, freedom of thought, freedom of speech
and the right to read. In this context, Libreboot gives you these rights.
Your freedom matters.
[Right to repair](https://vid.puffyan.us/watch?v=Npd_xDuNi9k) matters.
Many people use proprietary (non-libre)
boot firmware, even if they use [a libre OS](https://www.openbsd.org/).
Proprietary firmware often contains backdoors (more info on the FAQ), and it
and can be buggy. The libreboot project was founded in December 2013,
with the express purpose of making coreboot firmware accessible for
non-technical users.
Libreboot solves this by being **a coreboot distribution** (in the same way
that Alpine Linux is a Linux distribution). It provides a fully automated build
system that downloads and compiles pre-configured ROM images for supported
motherboards, so end-users could easily fetch images to flash onto their
devices.
The `libreboot` project uses [coreboot](https://www.coreboot.org/) for [hardware
sb/intel/bd82x6x: Apply EHCI mapping to xhci_overcurrent_mapping
Removing this from the devicetree also allows the
board to compile, otherwise an error is thrown:
build/mainboard/hp/compaq_elite_8300_cmt/static.c:147:10: error: 'const struct southbridge_intel_bd82x6x_config' has no member named 'xhci_overcurrent_mapping'
147 | .xhci_overcurrent_mapping = 0x00000c03,
| ^~~~~~~~~~~~~~~~~~~~~~~~
build/mainboard/hp/compaq_elite_8300_cmt/static.c:147:37: error: excess elements in struct initializer [-Werror]
From f5f73c2539e05cf85bf5eec795e4f91da50838ba Mon Sep 17 00:00:00 2001
From: Kat Inskip <kat@inskip.me>
Date: Tue, 17 Feb 2026 16:18:15 -0800
Subject: [PATCH 48/48] mb/lenovo/sklkbl: Add Lenovo Thinkpad X270 as a variant
This machine is somewhat dissimilar from the X280 in the PCIe allocations in the overridetree. It also lacks soldered RAM, having a single SODIMM slot.
This port was based upon the work done by Johann C Rode for the X280 and the VBT and hda verbs were obtained from that work, not obtained separately. GPIO ports and PCI-e allocations have been checked against schematics after editing.
Functionality has been validated on a ThinkPad X270 with machine type model 20HMS2WU03 with 16GB onboard RAM and i5-7300U CPU. The laptop has been tested running libreboot, booting Guix via GRUB payload. A check of the hardware shows no issues (video, wifi, wired ethernet, reboot, sleep, NVMe).
An untested variety allowing for a Skylake CPU (for 20K5 and 20K6) has been included.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.