mirror of
https://github.com/linuxboot/heads.git
synced 2025-01-18 02:39:59 +00:00
Add cbfs wrapper script to handle PNOR
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
This commit is contained in:
parent
572c99e898
commit
5ee3219322
10
initrd/bin/cbfs.sh
Executable file
10
initrd/bin/cbfs.sh
Executable file
@ -0,0 +1,10 @@
|
||||
#!/bin/sh
|
||||
set -e -o pipefail
|
||||
. /etc/functions
|
||||
. /tmp/config
|
||||
|
||||
if pnor "$2" -r HBI > /tmp/pnor.part 2>/dev/null; then
|
||||
cbfs "$@" -o /tmp/pnor.part && pnor "$2" -w HBI < /tmp/pnor.part
|
||||
else
|
||||
cbfs "$@"
|
||||
fi
|
@ -82,10 +82,10 @@ while true; do
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if (cbfs -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
|
||||
cbfs -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user"
|
||||
if (cbfs.sh -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
|
||||
cbfs.sh -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user"
|
||||
fi
|
||||
cbfs -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
|
||||
cbfs.sh -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
|
||||
|
||||
if (whiptail --title 'Update ROM?' \
|
||||
--yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 0 80) then
|
||||
@ -118,8 +118,8 @@ while true; do
|
||||
rm /boot/kexec* | true
|
||||
mount -o remount,ro /boot
|
||||
# clear GPG keys and user settings
|
||||
for i in `cbfs -o /tmp/config-gui.rom -l | grep -e "heads/"`; do
|
||||
cbfs -o /tmp/config-gui.rom -d $i
|
||||
for i in `cbfs.sh -o /tmp/config-gui.rom -l | grep -e "heads/"`; do
|
||||
cbfs.sh -o /tmp/config-gui.rom -d $i
|
||||
done
|
||||
# flash cleared ROM
|
||||
/bin/flash.sh -c /tmp/config-gui.rom
|
||||
|
@ -123,10 +123,10 @@ flash_rom() {
|
||||
|| die "$ROM: Config preservation failed"
|
||||
fi
|
||||
# persist serial number from CBFS
|
||||
if cbfs -r serial_number > /tmp/serial 2>/dev/null; then
|
||||
if cbfs.sh -r serial_number > /tmp/serial 2>/dev/null; then
|
||||
echo "Persisting system serial"
|
||||
cbfs -o /tmp/${CONFIG_BOARD}.rom -d serial_number 2>/dev/null || true
|
||||
cbfs -o /tmp/${CONFIG_BOARD}.rom -a serial_number -f /tmp/serial
|
||||
cbfs.sh -o /tmp/${CONFIG_BOARD}.rom -d serial_number 2>/dev/null || true
|
||||
cbfs.sh -o /tmp/${CONFIG_BOARD}.rom -a serial_number -f /tmp/serial
|
||||
fi
|
||||
# persist PCHSTRP9 from flash descriptor
|
||||
if [ "$CONFIG_BOARD" = "librem_l1um" ]; then
|
||||
|
@ -19,10 +19,10 @@ gpg_flash_rom() {
|
||||
gpg --list-keys --fingerprint --with-colons |sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --import-ownertrust
|
||||
gpg --update-trust
|
||||
|
||||
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then
|
||||
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx"
|
||||
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then
|
||||
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
|
||||
if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then
|
||||
cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx"
|
||||
if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then
|
||||
cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
|
||||
if [ -e /.gnupg/pubring.gpg ];then
|
||||
rm /.gnupg/pubring.gpg
|
||||
fi
|
||||
@ -31,33 +31,33 @@ gpg_flash_rom() {
|
||||
|
||||
#to be compatible with gpgv1
|
||||
if [ -e /.gnupg/pubring.kbx ];then
|
||||
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
|
||||
cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
|
||||
if [ -e /.gnupg/pubring.gpg ];then
|
||||
rm /.gnupg/pubring.gpg
|
||||
fi
|
||||
fi
|
||||
if [ -e /.gnupg/pubring.gpg ];then
|
||||
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
|
||||
cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
|
||||
fi
|
||||
|
||||
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then
|
||||
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg"
|
||||
if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then
|
||||
cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg"
|
||||
fi
|
||||
if [ -e /.gnupg/trustdb.gpg ]; then
|
||||
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
|
||||
cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
|
||||
fi
|
||||
|
||||
#Remove old method owner trust exported file
|
||||
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then
|
||||
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt"
|
||||
if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then
|
||||
cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt"
|
||||
fi
|
||||
|
||||
# persist user config changes
|
||||
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
|
||||
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/etc/config.user"
|
||||
if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
|
||||
cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/etc/config.user"
|
||||
fi
|
||||
if [ -e /etc/config.user ]; then
|
||||
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
|
||||
cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
|
||||
fi
|
||||
/bin/flash.sh /tmp/gpg-gui.rom
|
||||
|
||||
|
@ -659,24 +659,24 @@ if ! gpg --update-trust >/dev/null 2>/tmp/error ; then
|
||||
whiptail_error_die "Error updating GPG ownertrust:\n\n$ERROR"
|
||||
fi
|
||||
# clear any existing heads/gpg files from current firmware
|
||||
for i in `cbfs -o /tmp/oem-setup.rom -l | grep -e "heads/"`; do
|
||||
cbfs -o /tmp/oem-setup.rom -d $i
|
||||
for i in `cbfs.sh -o /tmp/oem-setup.rom -l | grep -e "heads/"`; do
|
||||
cbfs.sh -o /tmp/oem-setup.rom -d $i
|
||||
done
|
||||
# add heads/gpg files to current firmware
|
||||
if [ -e /.gnupg/pubring.kbx ];then
|
||||
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
|
||||
cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
|
||||
if [ -e /.gnupg/pubring.gpg ];then
|
||||
rm /.gnupg/pubring.gpg
|
||||
fi
|
||||
elif [ -e /.gnupg/pubring.gpg ];then
|
||||
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
|
||||
cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
|
||||
fi
|
||||
if [ -e /.gnupg/trustdb.gpg ]; then
|
||||
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
|
||||
cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
|
||||
fi
|
||||
# persist user config changes (boot device)
|
||||
if [ -e /etc/config.user ]; then
|
||||
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
|
||||
cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
|
||||
fi
|
||||
# flash updated firmware image
|
||||
echo -e "\nAdding generated key to current firmware and re-flashing...\n"
|
||||
|
@ -276,12 +276,12 @@ preserve_rom() {
|
||||
old_files=`cbfs -t 50 -l 2>/dev/null | grep "^heads/"`
|
||||
|
||||
for old_file in `echo $old_files`; do
|
||||
new_file=`cbfs -o $1 -l | grep -x $old_file`
|
||||
new_file=`cbfs.sh -o $1 -l | grep -x $old_file`
|
||||
if [ -z "$new_file" ]; then
|
||||
echo "+++ Adding $old_file to $1"
|
||||
cbfs -t 50 -r $old_file >/tmp/rom.$$ \
|
||||
|| die "Failed to read cbfs file from ROM"
|
||||
cbfs -o $1 -a $old_file -f /tmp/rom.$$ \
|
||||
cbfs.sh -o $1 -a $old_file -f /tmp/rom.$$ \
|
||||
|| die "Failed to write cbfs file to new ROM file"
|
||||
fi
|
||||
done
|
||||
|
Loading…
Reference in New Issue
Block a user