heads/blobs/librem_skl/get_blobs.sh

219 lines
8.4 KiB
Bash
Raw Normal View History

#!/bin/bash -e
# depends on : wget sha256sum python2.7 bspatch
# Librem 13 v2 and Librem 15 v3 binary blob hashes
SKL_UCODE_SHA="9c84936df700d74612a99e6ab581640ecf423d25a0b74a1ea23a6d9872349213"
SKL_DESCRIPTOR_SHA="d5110807c9d67cea6d546ac62125d87042a868177241be4ae17a2dbedef10017"
SKL_ME_NOCONF_SHA="70f07be7934bdbb215c66455a2b0d32651f3b2ecaf2519d83d8ca9cf475cc366"
SKL_ME_SHA="3042150c7f655293a69bcf886836732fc451439ae551a2babf3173f4f0d9a8d3"
SKL_FSP_SHA="a7dfec436f5a21a66b5a455775599d73a95170a3446849a34e89a64a2bb69820"
SKL_FSPM_SHA="7a1acc72073969e6753bbfe145f06c3f4d35e2516cb241641eae968705e2cc46"
SKL_FSPS_SHA="0dac94d249473e9d366597fd1f96a0232fb7bf045a3d08f16784961273351822"
SKL_VBT_SHA="51fa214ca44a61b171662d4c2ca6adc1aa3dc6c3d7a24bf9ae5f249f012d61c0"
# FSP downloadable from Github
SKL_UCODE_URL="https://github.com/platomav/CPUMicrocodes/raw/bfb23e48eb84dff1495d1c8789f133a1b684de27/Intel/cpu406E3_platC0_ver000000C2_2017-11-16_PRD_C6C6F699.bin"
SKL_FSP_URL="https://github.com/IntelFsp/FSP/raw/8267cde09763c0c699704fbae10e6bd121f01b6a/KabylakeFspBinPkg/Fsp.fd"
SKL_VBT_URL="https://github.com/IntelFsp/FSP/raw/8267cde09763c0c699704fbae10e6bd121f01b6a/KabylakeFspBinPkg/SampleCode/Vbt/Vbt.bin"
SKL_FSP_SPLIT_URL="https://raw.githubusercontent.com/tianocore/edk2/e8a70885d8f34533b6dd69878fe95a249e9af086/IntelFsp2Pkg/Tools/SplitFspBin.py"
SKL_FSP_SPLIT_SHA="f654f6363de68ad78b1baf8b8e573b53715c3bc76f7f3c23562641e49a7033f3"
ME_CLEANER_URL="https://github.com/corna/me_cleaner/raw/9e1611fdf21426d66a29a5ea62b7e30d512859e6/me_cleaner.py"
ME_CLEANER_SHA="412e95538c46d6d4d456987a8897b3d0ad1df118c51378a350540eef51c242d4"
SKL_DESCRIPTOR_URL="https://code.puri.sm/kakaroto/coreboot-files/raw/master/descriptor-skl.bin"
SKL_ME_PATCH_URL="https://code.puri.sm/kakaroto/coreboot-files/raw/master/me11.0.18_config.bspatch"
SKL_ME_PATCH_SHA="49019f89206d6371b1377cf738426c3b0ac60c4b1bb89d5d5de00481e7e4fece"
# Link found on : http://www.win-raid.com/t832f39-Intel-Engine-Firmware-Repositories.html
# Update link if it changes and becomes invalid.
SKL_ME_RAR_URL="http://www.mediafire.com/file/1angqt361xdf8k0/"
SKL_ME_FILENAME="11.0.18.1002_CON_LP_C0_NPDM_PRD_RGN.bin"
SKL_ME_FULL_FILENAME="Intel CSME 11.0 Firmware Repository Pack r50/$SKL_ME_FILENAME"
SKL_ME_RAR_SHA="11a9c199065c513a93c19269ffbb4bb094f8642a97686082e8cd2974673c599d"
# Might be required to compile unrar in case unrar-nonfree is not installed
RAR_NONFREE_SOURCE_URL="https://www.rarlab.com/rar/unrarsrc-5.5.8.tar.gz"
RAR_NONFREE_SOURCE_SHA="9b66e4353a9944bc140eb2a919ff99482dd548f858f5e296d809e8f7cdb2fcf4"
die () {
local msg=$1
echo ""
echo "$msg"
exit 1
}
check_binary () {
local filename=$1
local hash=$2
if [ ! -f "$filename" ]; then
die "Binary blob file '$filename' does not exist"
fi
sha=$(sha256sum "$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Extracted binary '$filename' has the wrong SHA256 hash"
fi
}
check_and_get_url () {
filename=$1
url=$2
hash=$3
description=$4
if [ -f "$filename" ]; then
sha=$(sha256sum "$filename" | awk '{print $1}')
fi
if [ "$sha" != "$hash" ]; then
wget -O "$filename" "$url"
sha=$(sha256sum "$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Downloaded $description has the wrong SHA256 hash"
fi
fi
}
get_and_split_fsp () {
fsp="fsp.fd"
fsp_M="fsp_M.fd"
fsp_S="fsp_S.fd"
fsp_T="fsp_T.fd"
fspm="fspm.bin"
fsps="fsps.bin"
fsp_split="SplitFspBin.py"
if [ -f "$fspm" ]; then
fspm_sha=$(sha256sum "$fspm" | awk '{print $1}')
fi
if [ -f "$fsps" ]; then
fsps_sha=$(sha256sum "$fsps" | awk '{print $1}')
fi
# No FSP-M or FSP-S
if [ "$fspm_sha" != "$SKL_FSPM_SHA" ] || [ "$fsps_sha" != "$SKL_FSPS_SHA" ]; then
if [ -f "$fsp" ]; then
fsp_sha=$(sha256sum "$fsp" | awk '{print $1}')
fi
# No FSP.fd
if [ "$fsp_sha" != "$SKL_FSP_SHA" ]; then
wget -O "$fsp" "$SKL_FSP_URL"
fsp_sha=$(sha256sum "$fsp" | awk '{print $1}')
if [ "$fsp_sha" != "$SKL_FSP_SHA" ]; then
die "Downloaded FSP image has the wrong SHA256 hash"
fi
fi
# No FspSplit
if [ -f "$fsp_split" ]; then
split_sha=$(sha256sum "$fsp_split" | awk '{print $1}')
fi
if [ "$split_sha" != "$SKL_FSP_SHA" ]; then
wget -O "$fsp_split" "$SKL_FSP_SPLIT_URL"
split_sha=$(sha256sum "$fsp_split" | awk '{print $1}')
if [ "$split_sha" != "$SKL_FSP_SPLIT_SHA" ]; then
die "Downloaded FSP Split Tool has the wrong SHA256 hash"
fi
fi
python2 "$fsp_split" split -f "$fsp"
if [ -f "$fsp_M" ]; then
mv "$fsp_M" "$fspm"
fi
if [ -f "$fsp_S" ]; then
mv "$fsp_S" "$fsps"
fi
fspm_sha=$(sha256sum "$fspm" | awk '{print $1}')
fsps_sha=$(sha256sum "$fsps" | awk '{print $1}')
if [ "$fspm_sha" != "$SKL_FSPM_SHA" ] || [ "$fsps_sha" != "$SKL_FSPS_SHA" ]; then
die "Extracted FSP images have the wrong SHA256 hash"
fi
rm -f "$fsp"
rm -f "$fsp_split"
rm -f "$fsp_T"
fi
}
get_and_patch_me_11 () {
if [ -f "me.bin" ]; then
sha=$(sha256sum "me.bin" | awk '{print $1}')
fi
if [ "$sha" != "$SKL_ME_SHA" ]; then
local rar_filename=me_11_repository.rar
local unrar='unrar-nonfree'
if [ -f "$rar_filename" ]; then
sha=$(sha256sum "$rar_filename" | awk '{print $1}')
fi
if ! type "$unrar" &> /dev/null; then
wget -O unrar.tar.gz "$RAR_NONFREE_SOURCE_URL"
sha=$(sha256sum unrar.tar.gz | awk '{print $1}')
if [ "$sha" != "$RAR_NONFREE_SOURCE_SHA" ]; then
die "Unrar source package has the wrong SHA256 hash"
fi
tar -xzvf unrar.tar.gz
(
cd unrar
make
)
unrar="`pwd`/unrar/unrar"
fi
if [ "$sha" != "$SKL_ME_RAR_SHA" ]; then
DIRECT_LINK=$(wget -O - "$SKL_ME_RAR_URL" 2>/dev/null | grep -o -e 'http://download.*.rar' | head -n 1)
wget -O "$rar_filename" "$DIRECT_LINK"
sha=$(sha256sum "$rar_filename" | awk '{print $1}')
if [ "$sha" != "$SKL_ME_RAR_SHA" ]; then
# We'll assume the rar file was updated again
me_dirname=$("$unrar" l "$rar_filename" | grep '\.\.\.D\.\.\.' | tr -s [:blank:] | cut -d' ' -f 6-)
SKL_ME_FULL_FILENAME="$me_dirname/$SKL_ME_FILENAME"
fi
fi
if type "$unrar" &> /dev/null; then
"$unrar" e -y "$rar_filename" "$SKL_ME_FULL_FILENAME"
else
die "Couldn't extract ME image. Requires unrar-nonfree"
fi
sha=""
if [ -f "$SKL_ME_FILENAME" ]; then
sha=$(sha256sum "$SKL_ME_FILENAME" | awk '{print $1}')
fi
if [ "$sha" != "$SKL_ME_NOCONF_SHA" ]; then
die "Couldn't extract ME image with the correct SHA256 hash"
fi
check_and_get_url me11.0.18_config.bspatch $SKL_ME_PATCH_URL $SKL_ME_PATCH_SHA "ME Patch"
bspatch "$SKL_ME_FILENAME" "me.bin" me11.0.18_config.bspatch
rm -f me11.0.18_config.bspatch
rm -f "$SKL_ME_FILENAME"
rm -f "$rar_filename"
fi
}
apply_me_cleaner() {
if [ -f "me_cleaner.py" ]; then
sha=$(sha256sum "me_cleaner.py" | awk '{print $1}')
fi
if [ "$sha" != "$ME_CLEANER_SHA" ]; then
wget -O "me_cleaner.py" "$ME_CLEANER_URL"
sha=$(sha256sum "me_cleaner.py" | awk '{print $1}')
if [ "$sha" != "$ME_CLEANER_SHA" ]; then
die "Downloaded ME Cleaner has the wrong SHA256 hash"
fi
fi
cat descriptor.bin me.bin > desc_me.bin
python2 "me_cleaner.py" -s desc_me.bin
python2 "me_cleaner.py" -w "MFS" me.bin
dd if=desc_me.bin of=descriptor.bin bs=4096 count=1
rm -f desc_me.bin
rm -f me_cleaner.py
}
check_and_get_url descriptor.bin $SKL_DESCRIPTOR_URL $SKL_DESCRIPTOR_SHA "Intel Flash Descriptor"
check_binary descriptor.bin $SKL_DESCRIPTOR_SHA
get_and_patch_me_11
check_binary me.bin $SKL_ME_SHA
apply_me_cleaner
get_and_split_fsp
check_binary fspm.bin $SKL_FSPM_SHA
check_binary fsps.bin $SKL_FSPS_SHA
check_and_get_url vbt.bin $SKL_VBT_URL $SKL_VBT_SHA "Video BIOS Table"
check_and_get_url cpu_microcode_blob.bin $SKL_UCODE_URL $SKL_UCODE_SHA "Intel Microcode Update"