2023-06-07 19:49:13 +00:00
#!/usr/bin/env bash
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
function printusage {
echo " Usage: $0 -f <romdump> -m <me_cleaner>(optional) -i <ifdtool>(optional) "
exit 0
}
BLOBDIR = " $( cd " $( dirname " ${ BASH_SOURCE [0] } " ) " && pwd ) "
if [ " $# " -eq 0 ] ; then printusage; fi
while getopts ":f:m:i:" opt; do
case $opt in
f)
FILE = " $OPTARG "
; ;
m)
if [ -x " $OPTARG " ] ; then
MECLEAN = " $OPTARG "
fi
; ;
i)
if [ -x " $OPTARG " ] ; then
IFDTOOL = " $OPTARG "
fi
; ;
esac
done
if [ -z " $MECLEAN " ] ; then
MECLEAN = ` command -v $BLOBDIR /../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>& 1| head -n1`
if [ -z " $MECLEAN " ] ; then
echo "me_cleaner.py required but not found or specified with -m. Aborting."
exit 1;
fi
fi
if [ -z " $IFDTOOL " ] ; then
IFDTOOL = ` command -v $BLOBDIR /../../build/coreboot-*/util/ifdtool/ifdtool 2>& 1| head -n1`
if [ -z " $IFDTOOL " ] ; then
echo "ifdtool required but not found or specified with -m. Aborting."
exit 1;
fi
fi
echo " FILE: $FILE "
echo " ME: $MECLEAN "
echo " IFD: $IFDTOOL "
bioscopy = $( mktemp)
extractdir = $( mktemp -d)
echo " ###Copying $FILE under $bioscopy "
cp " $FILE " $bioscopy
cd " $extractdir "
echo " ###Unlocking $bioscopy IFD... "
$IFDTOOL -u $bioscopy
echo "###Extracting regions from ROM..."
$IFDTOOL -x $bioscopy
echo " ###Copying GBE region under $BLOBDIR /gbe.bin... "
cp " $extractdir /flashregion_3_gbe.bin " " $BLOBDIR /gbe.bin "
echo " ###Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy , outputting minimized ME under $BLOBDIR /me.bin and adapting BIOS+ME regions under $BLOBDIR /ifd.bin... "
$MECLEAN -r -t -d -O /tmp/unneeded.bin -D " $BLOBDIR /ifd.bin " -M " $BLOBDIR /me.bin " " $bioscopy "
echo "###Cleaning up..."
rm " $bioscopy "
rm -r " $extractdir "
