heads/blobs/librem_skl/get_blobs.sh

126 lines
4.2 KiB
Bash
Raw Normal View History

#!/bin/bash -e
# depends on : wget sha256sum gunzip
# Purism source
RELEASES_GIT_HASH="9828ffc0fbe7e0da65f10fe5e14f68f0ef061d5d"
PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/${RELEASES_GIT_HASH}"
# Librem 13 v2/v3 and Librem 15 v3 binary blob hashes
SKL_UCODE_SHA="e528d2ccc5d76cd04bfabb556a3fbb70b93d9aca43e291e0f0104fbaae5720fd"
SKL_DESCRIPTOR_SHA="642ca36f52aabb5198b82e013bf64a73a5148693a58376fffce322a4d438b524"
SKL_ME_SHA="cf06d3eb8b24490a1ab46fd988b6cef822e5347cd6a2e92bc332cb4a376eb8bc"
SKL_FSPM_SHA="5f402416894c324b6cbf8cba85068ac2c3de9be8dd4f37fae3af6cfed7acc38e"
SKL_FSPS_SHA="223d0f3d3ff28c46a3ac33442385ffedefe2d3063774784d4fef432013568019"
SKL_VBT_SHA="45135459f7cbc06675fec5688479c2e2f4335d77c61bb58e4016d32ba7daa9d0"
# cbfstool, ifdtool, coreboot image from Purism repo
CBFSTOOL_FILE="cbfstool.gz"
CBFSTOOL_URL="$PURISM_SOURCE/tools/$CBFSTOOL_FILE"
CBFSTOOL_SHA="3994cba01a51dd34388c8be89fd329f91575c12e499dfe1b81975d9fd115ce58"
CBFSTOOL_BIN="./cbfstool"
IFDTOOL_FILE="ifdtool.gz"
IFDTOOL_URL="$PURISM_SOURCE/tools/$IFDTOOL_FILE"
IFDTOOL_SHA="08228ece4968794499ebd49a851f7d3f7f1b81352da8cd6e0c7916ac931a7d72"
IFDTOOL_BIN="./ifdtool"
COREBOOT_IMAGE="coreboot-l13v2.rom"
COREBOOT_IMAGE_FILE="$COREBOOT_IMAGE.gz"
COREBOOT_IMAGE_URL="$PURISM_SOURCE/librem_13v2/$COREBOOT_IMAGE_FILE"
COREBOOT_IMAGE_SHA="c703e0e705554bc7eb90814ae933d4372c0042927a6bbd7f27024cb99a8993d6"
die () {
local msg=$1
echo ""
echo "$msg"
exit 1
}
check_and_get_url () {
local filename=$1
local url=$2
local hash=$3
local description=$4
if [ -f "$filename" ]; then
sha=$(sha256sum "$filename" | awk '{print $1}')
fi
if [ "$sha" != "$hash" ]; then
echo " Downloading $description..."
wget -O "$filename" "$url" >/dev/null 2>&1
sha=$(sha256sum "$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Downloaded $description has the wrong SHA256 hash"
fi
if [ "${filename: -3}" == ".gz" ]; then
gunzip -k $filename
fi
fi
}
check_and_get_blob () {
local filename=$1
local hash=$2
local description=$3
echo "Checking $filename"
if [ -f "$filename" ]; then
sha=$(sha256sum "$filename" | awk '{print $1}')
fi
if [ "$sha" != "$hash" ]; then
# get tools
check_and_get_tools
# extract from coreboot image
check_and_get_url $COREBOOT_IMAGE_FILE $COREBOOT_IMAGE_URL $COREBOOT_IMAGE_SHA "precompiled coreboot image"
echo "Extracting $filename"
if [ $filename = "descriptor.bin" ]; then
$IFDTOOL_BIN -x $COREBOOT_IMAGE >/dev/null 2>&1
mv flashregion_0_flashdescriptor.bin descriptor.bin
echo "Extracting me.bin"
mv flashregion_2_intel_me.bin me.bin
rm flashregion_* > /dev/null 2>&1
elif [ $filename = "me.bin" ]; then
$IFDTOOL_BIN -x $COREBOOT_IMAGE >/dev/null 2>&1
mv flashregion_2_intel_me.bin me.bin
rm flashregion_* > /dev/null 2>&1
else
$CBFSTOOL_BIN $COREBOOT_IMAGE extract -n $filename -f $filename >/dev/null 2>&1
fi
sha=$(sha256sum "$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Downloaded $description has the wrong SHA256 hash"
fi
fi
}
echo ""
check_and_get_tools() {
check_and_get_url $CBFSTOOL_FILE $CBFSTOOL_URL $CBFSTOOL_SHA "cbfstool"
chmod +x $CBFSTOOL_BIN
check_and_get_url $IFDTOOL_FILE $IFDTOOL_URL $IFDTOOL_SHA "ifdtool"
chmod +x $IFDTOOL_BIN
}
# get tools for extraction
#check_and_get_tools
# get/verify blobs
check_and_get_blob descriptor.bin $SKL_DESCRIPTOR_SHA "Intel Flash Descriptor"
check_and_get_blob me.bin $SKL_ME_SHA "Intel ME firmware"
check_and_get_blob fspm.bin $SKL_FSPM_SHA "FSP-M"
check_and_get_blob fsps.bin $SKL_FSPS_SHA "FSP-S"
check_and_get_blob vbt.bin $SKL_VBT_SHA "Video BIOS Table"
check_and_get_blob cpu_microcode_blob.bin $SKL_UCODE_SHA "Intel Microcode Update"
#clean up after ourselves
rm -f $CBFSTOOL_BIN >/dev/null 2>&1
rm -f $IFDTOOL_BIN >/dev/null 2>&1
rm -f $COREBOOT_IMAGE >/dev/null 2>&1
rm -f *.gz >/dev/null 2>&1
echo ""
echo "All blobs have been verified and are ready for use"