diff --git a/.circleci/config.yml b/.circleci/config.yml index 045d77ae..71947923 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -101,7 +101,7 @@ jobs: - run: name: Download, neuter and deguard xx80 ME (keep generated GBE and extracted IFD in tree) command: | - ./blobs/xx80/download_clean_deguard_me.sh -m $(readlink -f ./blobs/utils/me_cleaner/me_cleaner.py) ./blobs/xx80/ + ./blobs/xx80/download_clean_deguard_me_pad_tb.sh -m $(readlink -f ./blobs/utils/me_cleaner/me_cleaner.py) ./blobs/xx80/ - run: name: Download and extract t530 vbios roms for dgpu boards command: | diff --git a/blobs/xx80/.gitignore b/blobs/xx80/.gitignore index 24d49395..326bba65 100644 --- a/blobs/xx80/.gitignore +++ b/blobs/xx80/.gitignore @@ -1 +1,2 @@ me.bin +tb.bin diff --git a/blobs/xx80/download_clean_deguard_me.sh b/blobs/xx80/download_clean_deguard_me_pad_tb.sh similarity index 70% rename from blobs/xx80/download_clean_deguard_me.sh rename to blobs/xx80/download_clean_deguard_me_pad_tb.sh index e9f7011b..b33732bd 100755 --- a/blobs/xx80/download_clean_deguard_me.sh +++ b/blobs/xx80/download_clean_deguard_me_pad_tb.sh 
@@ -7,15 +7,23 @@ ME_version="11.6.0.1126" ME_sku="2M" ME_pch="LP" +# Thunderbolt firmware offset in bytes to pad to 1M +TBFW_SIZE=1048575 + # Integrity checks for the vendor provided ME blob... ME_DOWNLOAD_HASH="ddfbc51430699e0dfcb24a60bcb5b6e5481b325ebecf1ac177e069013189e4b0" # ...and the cleaned and deguarded version from that blob. DEGUARDED_ME_BIN_HASH="1990b42df67ba70292f4f6e2660efb909917452dcb9bd4b65ea2f86402cfa16b" +# Integrity checks for the vendor provided Thunderbolt blob... +TB_DOWNLOAD_HASH="a500a93fe6a3728aa6676c70f98cf46785ef15da7c5b1ccd7d3a478d190a28a8" +# ...and the padded and flashable version from that blob. +TB_BIN_HASH="3903a93df700dee46ca2ccbb9e70e09f25f372fcfc1d5df7338640748117b964" function usage() { echo -n \ "Usage: $(basename "$0") -m (optional) path_to_output_directory Download Intel ME firmware from Dell, neutralize and shrink keeping the MFS. +Download Thunderbolt firmware from Lenovo and pad it for flashing externally. " } @@ -30,15 +38,14 @@ function chk_sha256sum() { fi } -function chk_exists() { - if [ -e "$me_deguarded" ]; then - echo "me.bin already exists" - if echo "${DEGUARDED_ME_BIN_HASH} $me_deguarded" | sha256sum --check; then - echo "SKIPPING: SHA256 checksum for me.bin matches." - exit 0 +function chk_exists_and_matches() { + if [[ -f "$1" ]]; then + if echo "${2} ${1}" | sha256sum --check; then + echo "SKIPPING: SHA256 checksum for $1 matches." + [[ "$3" = ME ]] && me_exists="y" + [[ "$3" = TB ]] && tb_exists="y" fi - retry="y" - echo "me.bin exists but checksum doesn't match. Continuing..." + echo "$1 exists but checksum doesn't match. Continuing..." fi } 
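Review bot: In `chk_exists_and_matches`, the line `echo "$1 exists but checksum doesn't match. Continuing..."` now also runs after a successful check, because it sits after the inner `fi` and the old `exit 0` in the match branch is gone. A log that reports a mismatch for a blob that just verified makes the integrity output hard to trust when auditing a build. Moving that message into an `else` branch of the `sha256sum --check` test fixes it. Selecting a global through the `ME`/`TB` tag is also brittle; returning a status and letting the caller write `chk_exists_and_matches "$me_deguarded" "$DEGUARDED_ME_BIN_HASH" && me_exists="y"` would remove the third argument.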
@@ -102,6 +109,30 @@ function deguard() { popd || exit } +function download_and_pad_tb() { + tb_output="$(realpath "${1}")" + + # Download and unpack the Lenovo installer into a temporary directory and + # extract the TB blob. + pushd "$(mktemp -d)" || exit + + # Download the installer that contains the TB blob + tb_installer_filename=""n24th13w.exe"" + user_agent="Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0" + curl -A "$user_agent" -s -O "https://download.lenovo.com/pccbbs/mobiles/${tb_installer_filename}" + chk_sha256sum "$TB_DOWNLOAD_HASH" "$tb_installer_filename" + + # https://www.reddit.com/r/thinkpad/comments/9rnimi/ladies_and_gentlemen_i_present_to_you_the/ + 7z e n24th13w.exe \[0\] + mv \[0\] tb.bin + # pad with zeros + dd if=/dev/zero of=tb.bin bs=1 seek="$TBFW_SIZE" count=1 + mv "tb.bin" "$tb_output" + + rm -rf ./* + popd || exit +} + function usage_err() { echo "$1" usage @@ -138,7 +169,9 @@ function parse_params() { fi me_cleaned="${output_dir}/me_cleaned.bin" me_deguarded="${output_dir}/me.bin" + tb_flashable="${output_dir}/tb.bin" echo "Writing cleaned and deguarded ME to ${me_deguarded}" + echo "Writing flashable TB to ${tb_flashable}" } if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then @@ -148,13 +181,19 @@ if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then fi parse_params "$@" - chk_exists + chk_exists_and_matches "$me_deguarded" "$DEGUARDED_ME_BIN_HASH" ME + chk_exists_and_matches "$tb_flashable" "$TB_BIN_HASH" TB - if [[ ! -f "$me_deguarded" ]] || [ "$retry" = "y" ]; then + if [[ -z "$me_exists" ]]; then download_and_clean "$me_cleaner" "$me_cleaned" deguard "$me_cleaned" "$me_deguarded" rm -f "$me_cleaned" fi - + + if [[ -z "$tb_exists" ]]; then + download_and_pad_tb "$tb_flashable" + fi + chk_sha256sum "$DEGUARDED_ME_BIN_HASH" "$me_deguarded" + chk_sha256sum "$TB_BIN_HASH" "$tb_flashable" fi \ No newline at end of file diff --git a/blobs/xx80/hashes.txt b/blobs/xx80/hashes.txt index 125e5214..8ca7f9be 100644 --- a/blobs/xx80/hashes.txt 
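Review bot: `download_and_pad_tb` cleans up with `rm -rf ./*`, which acts on whatever directory `pushd "$(mktemp -d)"` ended up in, and it never removes the temporary directory itself. Keeping the path in a variable makes the cleanup independent of the working directory: `tmpdir="$(mktemp -d)" || exit`, `pushd "$tmpdir" || exit`, and after `popd`, `rm -rf "$tmpdir"`. The `7z e` call hardcodes `n24th13w.exe` instead of using `"$tb_installer_filename"`, and the doubled quotes in `""n24th13w.exe""` look unintended. A comment next to the `dd` line, such as `# TBFW_SIZE is the last byte offset (1 MiB - 1), so the padded file is exactly 1 MiB`, would make the padding arithmetic easier to check.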
+++ b/blobs/xx80/hashes.txt @@ -1,3 +1,4 @@ d3af2dfbf128bcddfc8c5810a11478697312e5701668f719f80f3f6322db5642 gbe.bin f2f6d5fb0a5e02964b494862032fd93f1f88e2febd9904b936083600645c7fdf ifd.bin 1990b42df67ba70292f4f6e2660efb909917452dcb9bd4b65ea2f86402cfa16b me.bin +3903a93df700dee46ca2ccbb9e70e09f25f372fcfc1d5df7338640748117b964 tb.bin diff --git a/config/coreboot-t480-maximized.config b/config/coreboot-t480-maximized.config index 60f2a6fa..c873b4ee 100644 --- a/config/coreboot-t480-maximized.config +++ b/config/coreboot-t480-maximized.config @@ -222,7 +222,7 @@ CONFIG_PS2M_EISAID="PNP0F13" CONFIG_THINKPADEC_HKEY_EISAID="IBM0068" CONFIG_GFX_GMA_PANEL_1_PORT="eDP" CONFIG_BOARD_LENOVO_SKLKBL_THINKPAD_COMMON=y -CONFIG_LENOVO_TBFW_BIN="" +CONFIG_LENOVO_TBFW_BIN="@BLOB_DIR@/xx80/tb.bin" # CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set CONFIG_POWER_STATE_DEFAULT_ON_AFTER_FAILURE=y CONFIG_D3COLD_SUPPORT=y diff --git a/targets/xx80_me_blobs.mk b/targets/xx80_me_blobs.mk index 52c88d77..88bf5f26 100644 --- a/targets/xx80_me_blobs.mk +++ b/targets/xx80_me_blobs.mk 
@@ -6,14 +6,17 @@ # following to have gbe.bin ifd.bin and me.bin # - blobs/xx80/download_clean_me_and_deguard.sh # To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx80/extract_and_deguard.sh -# To extract ME binary, GBE and IFD blobs and apply the deguard exploit to the the ME binary. +# reduced IFD ME region and expanded BIOS IFD region. +# Also creates the tb.bin blob to flash the Thunderbolt SPI. # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx80/me.bin + $(pwd)/blobs/xx80/me.bin $(pwd)/blobs/xx80/tb.bin $(pwd)/blobs/xx80/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx80/download_clean_deguard_me.sh $(pwd)/blobs/xx80 + $(pwd)/blobs/xx80/download_clean_deguard_me_pad_tb.sh \ + -m $(pwd)/blobs/utils/me_cleaner/me_cleaner.py $(pwd)/blobs/xx80 + +$(pwd)/blobs/xx80/tb.bin: \ + $(pwd)/blobs/xx80/me.bin + cp $(pwd)/blobs/xx80/tb.bin $(build)/$(BOARD)/
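Review bot: The new `$(pwd)/blobs/xx80/tb.bin` rule never creates its own target; its recipe only copies a file it assumes the `me.bin` recipe left behind. In a tree where `me.bin` already exists but `tb.bin` does not (for example one built before this change), make will not rerun the download script and the `cp` fails. The script appears to skip blobs whose hash already matches, so the rule could call it itself before copying: `$(pwd)/blobs/xx80/download_clean_deguard_me_pad_tb.sh -m $(pwd)/blobs/utils/me_cleaner/me_cleaner.py $(pwd)/blobs/xx80`. The header comment still names `download_clean_me_and_deguard.sh`, which does not match the script invoked below it.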