2023-01-23 22:30:53 -05:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
function usage() {
|
|
|
|
echo -n \
|
2023-02-25 19:39:18 -05:00
|
|
|
"Usage: $(basename "$0") path_to_output_directory
|
2023-01-23 22:30:53 -05:00
|
|
|
Download Intel ME firmware from Lenovo, neutralize, and shrink.
|
|
|
|
"
|
|
|
|
}
|
|
|
|
|
|
|
|
ME_BIN_HASH="b7cf4c0cf514bbf279d9fddb12c34fca5c1c23e94b000c26275369b924ab9c25"
|
|
|
|
|
|
|
|
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
|
|
|
|
if [[ "${1:-}" == "--help" ]]; then
|
|
|
|
usage
|
|
|
|
else
|
2023-02-25 19:39:18 -05:00
|
|
|
if [[ -z "${COREBOOT_DIR}" ]]; then
|
|
|
|
echo "ERROR: No COREBOOT_DIR variable defined."
|
|
|
|
exit 1
|
|
|
|
fi
|
2023-01-23 22:30:53 -05:00
|
|
|
|
2023-02-28 11:44:48 -05:00
|
|
|
output_dir="$(realpath "${1:-./}")"
|
|
|
|
|
|
|
|
if [[ ! -f "${output_dir}/me.bin" ]]; then
|
|
|
|
# Unpack Lenovo's Windows installer into a temporary directory and
|
|
|
|
# extract the Intel ME blob.
|
2023-02-25 19:39:18 -05:00
|
|
|
pushd "$(mktemp -d)"
|
2023-01-23 22:30:53 -05:00
|
|
|
|
2023-02-25 19:39:18 -05:00
|
|
|
curl -O https://download.lenovo.com/pccbbs/mobiles/glrg22ww.exe
|
|
|
|
innoextract glrg22ww.exe
|
2023-01-23 22:30:53 -05:00
|
|
|
|
2023-02-25 19:39:18 -05:00
|
|
|
mv app/ME9.1_5M_Production.bin "${COREBOOT_DIR}/util/me_cleaner"
|
2023-01-23 22:30:53 -05:00
|
|
|
|
2023-02-25 19:39:18 -05:00
|
|
|
popd
|
2023-01-23 22:30:53 -05:00
|
|
|
|
2023-02-25 19:39:18 -05:00
|
|
|
# Neutralize and shrink Intel ME. Note that this doesn't include
|
2023-02-28 11:44:48 -05:00
|
|
|
# --soft-disable to set the "ME Disable" or "ME Disable B" (e.g.,
|
|
|
|
# High Assurance Program) bits, as they are defined within the Flash
|
2023-02-25 19:39:18 -05:00
|
|
|
# Descriptor.
|
|
|
|
# https://github.com/corna/me_cleaner/wiki/External-flashing#neutralize-and-shrink-intel-me-useful-only-for-coreboot
|
2023-02-28 11:44:48 -05:00
|
|
|
pushd "${COREBOOT_DIR}/util/me_cleaner"
|
|
|
|
|
2023-02-25 19:39:18 -05:00
|
|
|
python me_cleaner.py -r -t -O me_shrinked.bin ME9.1_5M_Production.bin
|
2023-01-23 22:30:53 -05:00
|
|
|
|
2023-02-28 11:44:48 -05:00
|
|
|
mv me_shrinked.bin "${output_dir}/me.bin"
|
|
|
|
rm ./*.bin
|
2023-01-23 22:30:53 -05:00
|
|
|
|
2023-02-28 11:44:48 -05:00
|
|
|
popd
|
2023-02-25 19:39:18 -05:00
|
|
|
fi
|
2023-01-23 22:30:53 -05:00
|
|
|
|
2023-02-28 11:44:48 -05:00
|
|
|
if ! echo "${ME_BIN_HASH} ${output_dir}/me.bin" | sha256sum --check; then
|
2023-02-25 19:39:18 -05:00
|
|
|
echo "ERROR: SHA256 checksum for me.bin doesn't match."
|
2023-01-23 22:30:53 -05:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|