Merge branch 'x220' of https://github.com/jgrip/heads into jgrip-x220

This commit is contained in:
Trammell hudson 2017-10-09 18:16:45 -04:00
commit 5ebe5a119a
Failed to extract signature
5 changed files with 80 additions and 15 deletions

3
blobs/x220/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
gbe.bin
me.bin
ifd.bin

64
blobs/x220/extract.sh Executable file
View File

@ -0,0 +1,64 @@
#!/bin/bash
function printusage {
echo "Usage: $0 -f <romdump> -m <me_cleaner>(optional) -i <ifdtool>(optional)"
exit 0
}
if [ "$#" -eq 0 ]; then printusage; fi
while getopts ":f:m:i:" opt; do
case $opt in
f)
FILE="$OPTARG"
;;
m)
if [ -x "$OPTARG" ]; then
MECLEAN="$OPTARG"
fi
;;
i)
if [ -x "$OPTARG" ]; then
IFDTOOL="$OPTARG"
fi
;;
esac
done
if [ -z "$MECLEAN" ]; then
MECLEAN=`command -v me_cleaner.py 2>&1`
if [ -z "$MECLEAN" ]; then
echo "me_cleaner.py required but not found or specified with -m. Aborting."
exit 1;
fi
fi
if [ -z "$IFDTOOL" ]; then
IFDTOOL=`command -v ifdtool 2>&1`
if [ -z "$IFDTOOL" ]; then
echo "ifdtool required but not found or specified with -m. Aborting."
exit 1;
fi
fi
echo "FILE: $FILE"
echo "ME: $MECLEAN"
echo "IFD: $IFDTOOL"
bioscopy=$(mktemp)
extractdir=$(mktemp -d)
BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cp "$FILE" $bioscopy
cd "$extractdir"
$IFDTOOL -x $bioscopy
cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin"
$MECLEAN -O "$BLOBDIR/me.bin" -r -t "$extractdir/flashregion_2_intel_me.bin"
$IFDTOOL -n "$BLOBDIR/layout.txt" $bioscopy
$IFDTOOL -x $bioscopy.new
cp "$extractdir/flashregion_0_flashdescriptor.bin" "$BLOBDIR/ifd.bin"
rm "$bioscopy"
rm "$bioscopy.new"
rm -r "$extractdir"

Binary file not shown.

View File

@ -1,7 +1,7 @@
To build for X220 we need to have the following files in this folder: To build for X220 we need to have the following files in this folder:
* `me.bin` - ME binary that has been stripped and truncated with me_cleaner * `me.bin` - ME binary that has been stripped and truncated with me_cleaner
* `gbe.bin` - Network card blob from the original firmware * `gbe.bin` - Network card blob from the original firmware
* `ifd.bin` - Flash layout file has been provided, layout.txt is also present for changes * `ifd.bin` - Flash layout file has been provided as text
To get the binaries, start with a copy of the original lenovo firmware image. To get the binaries, start with a copy of the original lenovo firmware image.
If you do not have one already, you can read one out from the laptops SPI flash. If you do not have one already, you can read one out from the laptops SPI flash.
@ -10,22 +10,19 @@ If you do not have one already, you can read one out from the laptops SPI flash.
flashrom --programmer internal:laptop=force_I_want_a_brick -r original.bin flashrom --programmer internal:laptop=force_I_want_a_brick -r original.bin
``` ```
Once you have the image, run `ifdtool` to extract the parts. Once you have the image, the provided extraction script will extract the files needed.
``` ```
ifdtool -x origin.bin ./extract.sh -f <romdump>
``` ```
Rename `flashregion_3_gbe.bin` to `gbe.bin` Use the options '-m' and '-i' to provide me_cleaner and ifdtool if they can not be located
automatically.
To truncate and neuter the ME blob (this can be done automatically in coreboot 4.6): The flash layout will be automatically adjusted and the ME image cleaned and truncated.
```
me_cleaner -r -t -O me.bin flashregion_2_intel_me.bin"
```
You can now compile the image with: You can now compile the image with:
``` ```
make CONFIG=config/x220-qubes.config make CONFIG=config/x220-generic.config
``` ```

View File

@ -1,4 +1,4 @@
# Configuration for a x220 running Qubes OS # Configuration for a x220 running non-Qubes
BOARD=x220 BOARD=x220
CONFIG_CRYPTSETUP=y CONFIG_CRYPTSETUP=y
@ -19,8 +19,9 @@ CONFIG_DROPBEAR=y
CONFIG_LINUX_USB=y CONFIG_LINUX_USB=y
CONFIG_LINUX_E1000E=y CONFIG_LINUX_E1000E=y
CONFIG_BOOTSCRIPT=/bin/qubes-init CONFIG_BOOTSCRIPT=/bin/generic-init
# Disks encrypted by the TPM LUKS key CONFIG_BOOT_REQ_HASH=n
CONFIG_QUBES_BOOT_DEV="/dev/sda1" CONFIG_BOOT_REQ_ROLLBACK=n
CONFIG_QUBES_VG="qubes_dom0" CONFIG_BOOT_DEV="/dev/sda1"
CONFIG_USB_BOOT_DEV="/dev/sdb1"