I currently check the downloaded files e.g. .exe file, but then I don't check - or even define - sha512sums for the files extracted from them e.g. me.bin This patch fixes that. It also caches the hashed files, so that extraction is faster on a re-run - this makes release builds go faster, when running ./mk release If a checksum is not defined, i.e. blank, then a warning is given, telling you to check a specific directory. This way, when adding new vendor files, you can add it first without specifying the checksum, e.g. me.bin checksum. Then you can manually inspect the files that were extracted, and define it, then test again. In a given pkg.cfg for config/vendor, the following variables are now available for use: FSPM_bin_hash for fsp m module FSPS_bin_hash for fsp s module EC_FW1_hash for KBC1126 EC firmware (1st file) EC_FW2_hash for KBC1126 EC firmware (2nd file) ME_bin_hash for me.bin MRC_bin_hash for mrc.bin (broadwell boards) REF_bin_hash for refcode (broadwell boards) SCH5545EC_bin_hash for sch5545 firmware (Dell Precision T1650) TBFW_bin_hash for Lenovo ThunderBolt firmware (e.g. T480/T480s) E6400_VGA_bin_hash for Dell E6400 Nvidia VGA ROM In practise, most people use release archives, and the inject script, so I knew those were reliable, because the ROM images were hashed prior to removing files. This patch benefits people using lbmk.git directly, without using release files, because now they know they have a valid file e.g. me.bin Previously, only the download was checked, not the extracted files, which meant that the only thing preventing a brick was the code not being buggy. Any number of bugs could pop up in the future, so this new level of integrity will protect against such a scenario, and provide early warning prompting bug fixes. Signed-off-by: Leah Rowe <leah@libreboot.org>
Libreboot
Documentation: libreboot.org
Support: #libreboot on
Libera IRC
Libreboot provides libre boot firmware on supported motherboards. It replaces proprietary vendor BIOS/UEFI implementations, by
- Using coreboot to initialize the hardware (e.g. memory controller, CPU, etc.) while minimizing unwanted functionality (e.g. backdoors such as the Intel Management Engine)
- ... which runs a payload such as SeaBIOS, GRUB, or U-Boot
- ... which loads your operating system's boot loader (BSD and Linux-based systems are supported).
Why use Libreboot, and what is coreboot?
A lot of users who use libre operating systems still use proprietary boot firmware, which often contain backdoors and bugs, hampering user freedom and right to repair.
coreboot provides libre boot firmware by initializing the hardware then running a payload. However, coreboot is notoriously difficult to configure and install for most non-technical users, requiring detailed technical knowledge of hardware.
Libreboot solves this by being a coreboot distribution (in the same way that Alpine Linux is a Linux distribution). It provides a fully automated build system that downloads and compiles pre-configured ROM images for supported motherboards, so end-users could easily fetch images to flash onto their devices.
Libreboot also produces documentation aimed at non-technical users and excellent user support via IRC.
Contribute
You can check bugs listed on the bug tracker.
You may use Codeberg pull requests to send patches with bug fixes or other improvements. This repository hosts the code for the main build system. The website lives in a separate repository.
Development is also done on the IRC channel.
License for this README
It's just a README file. It is released under Creative Commons Zero, version 1.0.