Add cbfs wrapper script to handle PNOR

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Sergii Dmytruk 2022-10-10 00:24:16 +03:00
parent 572c99e898
commit 5ee3219322
No known key found for this signature in database
GPG Key ID: 48579AA47429663E
6 changed files with 40 additions and 30 deletions

10
initrd/bin/cbfs.sh Executable file

@ -0,0 +1,10 @@
#!/bin/sh
set -e -o pipefail
. /etc/functions
. /tmp/config
if pnor "$2" -r HBI > /tmp/pnor.part 2>/dev/null; then
cbfs "$@" -o /tmp/pnor.part && pnor "$2" -w HBI < /tmp/pnor.part
else
cbfs "$@"
fi
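Review bot: The wrapper treats `$2` as the ROM path, which holds only when the caller passes `-o FILE` first; the `cbfs.sh -r serial_number` call in the flash_rom hunk puts a CBFS entry name there, so `pnor` is run against `serial_number` and the plain-`cbfs` fallback is reached only because that call fails with its stderr discarded. Guarding the condition, `if [ "$1" = "-o" ] && pnor "$2" -r HBI > /tmp/pnor.part 2>/dev/null; then`, would make the assumption explicit. The PNOR branch also writes HBI back after every operation, including a read-only `-l`, and leaves the fixed-name `/tmp/pnor.part` behind (truncated even when `pnor` fails); since the callers use this path to place GPG keyrings and trust data into the image that gets flashed, restricting the write-back to `-a`/`-d` and removing the scratch file on exit would narrow what can go wrong. Appending a second `-o` after `"$@"` presumably relies on `cbfs` honouring the last one, which deserves a comment.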


@ -82,10 +82,10 @@ while true; do
exit 1 exit 1
fi fi
if (cbfs -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then if (cbfs.sh -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
cbfs -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user" cbfs.sh -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user"
fi fi
cbfs -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user cbfs.sh -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
if (whiptail --title 'Update ROM?' \ if (whiptail --title 'Update ROM?' \
--yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 0 80) then --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 0 80) then
@ -118,8 +118,8 @@ while true; do
rm /boot/kexec* | true rm /boot/kexec* | true
mount -o remount,ro /boot mount -o remount,ro /boot
# clear GPG keys and user settings # clear GPG keys and user settings
for i in `cbfs -o /tmp/config-gui.rom -l | grep -e "heads/"`; do for i in `cbfs.sh -o /tmp/config-gui.rom -l | grep -e "heads/"`; do
cbfs -o /tmp/config-gui.rom -d $i cbfs.sh -o /tmp/config-gui.rom -d $i
done done
# flash cleared ROM # flash cleared ROM
/bin/flash.sh -c /tmp/config-gui.rom /bin/flash.sh -c /tmp/config-gui.rom
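Review bot: The reset loop ``for i in `cbfs.sh -o /tmp/config-gui.rom -l | grep -e "heads/"` `` discards the exit status of `cbfs.sh`, and the wrapper adds a new way for the listing to fail (the PNOR extraction step), so an empty list would skip every `-d` and the image would still reach `/bin/flash.sh -c` carrying the GPG keys and user settings it was meant to clear. Capturing the list first, e.g. `files=$(cbfs.sh -o /tmp/config-gui.rom -l) || exit 1`, and checking each `cbfs.sh -o /tmp/config-gui.rom -d "$i"` would make the clear fail closed. The same loop over `/tmp/oem-setup.rom` in the later hunk at `@ -659,24` has the same gap. Whether the enclosing script runs under `set -e` is not visible here, and the `while true` body continues outside the hunk.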


@ -123,10 +123,10 @@ flash_rom() {
|| die "$ROM: Config preservation failed" || die "$ROM: Config preservation failed"
fi fi
# persist serial number from CBFS # persist serial number from CBFS
if cbfs -r serial_number > /tmp/serial 2>/dev/null; then if cbfs.sh -r serial_number > /tmp/serial 2>/dev/null; then
echo "Persisting system serial" echo "Persisting system serial"
cbfs -o /tmp/${CONFIG_BOARD}.rom -d serial_number 2>/dev/null || true cbfs.sh -o /tmp/${CONFIG_BOARD}.rom -d serial_number 2>/dev/null || true
cbfs -o /tmp/${CONFIG_BOARD}.rom -a serial_number -f /tmp/serial cbfs.sh -o /tmp/${CONFIG_BOARD}.rom -a serial_number -f /tmp/serial
fi fi
# persist PCHSTRP9 from flash descriptor # persist PCHSTRP9 from flash descriptor
if [ "$CONFIG_BOARD" = "librem_l1um" ]; then if [ "$CONFIG_BOARD" = "librem_l1um" ]; then


@ -19,10 +19,10 @@ gpg_flash_rom() {
gpg --list-keys --fingerprint --with-colons |sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --import-ownertrust gpg --list-keys --fingerprint --with-colons |sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --import-ownertrust
gpg --update-trust gpg --update-trust
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx" cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx"
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg" cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
if [ -e /.gnupg/pubring.gpg ];then if [ -e /.gnupg/pubring.gpg ];then
rm /.gnupg/pubring.gpg rm /.gnupg/pubring.gpg
fi fi
@ -31,33 +31,33 @@ gpg_flash_rom() {
#to be compatible with gpgv1 #to be compatible with gpgv1
if [ -e /.gnupg/pubring.kbx ];then if [ -e /.gnupg/pubring.kbx ];then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
if [ -e /.gnupg/pubring.gpg ];then if [ -e /.gnupg/pubring.gpg ];then
rm /.gnupg/pubring.gpg rm /.gnupg/pubring.gpg
fi fi
fi fi
if [ -e /.gnupg/pubring.gpg ];then if [ -e /.gnupg/pubring.gpg ];then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
fi fi
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg" cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg"
fi fi
if [ -e /.gnupg/trustdb.gpg ]; then if [ -e /.gnupg/trustdb.gpg ]; then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
fi fi
#Remove old method owner trust exported file #Remove old method owner trust exported file
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt" cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt"
fi fi
# persist user config changes # persist user config changes
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/etc/config.user") then if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/etc/config.user" cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/etc/config.user"
fi fi
if [ -e /etc/config.user ]; then if [ -e /etc/config.user ]; then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
fi fi
/bin/flash.sh /tmp/gpg-gui.rom /bin/flash.sh /tmp/gpg-gui.rom


@ -659,24 +659,24 @@ if ! gpg --update-trust >/dev/null 2>/tmp/error ; then
whiptail_error_die "Error updating GPG ownertrust:\n\n$ERROR" whiptail_error_die "Error updating GPG ownertrust:\n\n$ERROR"
fi fi
# clear any existing heads/gpg files from current firmware # clear any existing heads/gpg files from current firmware
for i in `cbfs -o /tmp/oem-setup.rom -l | grep -e "heads/"`; do for i in `cbfs.sh -o /tmp/oem-setup.rom -l | grep -e "heads/"`; do
cbfs -o /tmp/oem-setup.rom -d $i cbfs.sh -o /tmp/oem-setup.rom -d $i
done done
# add heads/gpg files to current firmware # add heads/gpg files to current firmware
if [ -e /.gnupg/pubring.kbx ];then if [ -e /.gnupg/pubring.kbx ];then
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
if [ -e /.gnupg/pubring.gpg ];then if [ -e /.gnupg/pubring.gpg ];then
rm /.gnupg/pubring.gpg rm /.gnupg/pubring.gpg
fi fi
elif [ -e /.gnupg/pubring.gpg ];then elif [ -e /.gnupg/pubring.gpg ];then
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
fi fi
if [ -e /.gnupg/trustdb.gpg ]; then if [ -e /.gnupg/trustdb.gpg ]; then
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
fi fi
# persist user config changes (boot device) # persist user config changes (boot device)
if [ -e /etc/config.user ]; then if [ -e /etc/config.user ]; then
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/etc/config.user" -f /etc/config.user cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
fi fi
# flash updated firmware image # flash updated firmware image
echo -e "\nAdding generated key to current firmware and re-flashing...\n" echo -e "\nAdding generated key to current firmware and re-flashing...\n"


@ -276,12 +276,12 @@ preserve_rom() {
old_files=`cbfs -t 50 -l 2>/dev/null | grep "^heads/"` old_files=`cbfs -t 50 -l 2>/dev/null | grep "^heads/"`
for old_file in `echo $old_files`; do for old_file in `echo $old_files`; do
new_file=`cbfs -o $1 -l | grep -x $old_file` new_file=`cbfs.sh -o $1 -l | grep -x $old_file`
if [ -z "$new_file" ]; then if [ -z "$new_file" ]; then
echo "+++ Adding $old_file to $1" echo "+++ Adding $old_file to $1"
cbfs -t 50 -r $old_file >/tmp/rom.$$ \ cbfs -t 50 -r $old_file >/tmp/rom.$$ \
|| die "Failed to read cbfs file from ROM" || die "Failed to read cbfs file from ROM"
cbfs -o $1 -a $old_file -f /tmp/rom.$$ \ cbfs.sh -o $1 -a $old_file -f /tmp/rom.$$ \
|| die "Failed to write cbfs file to new ROM file" || die "Failed to write cbfs file to new ROM file"
fi fi
done done
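Review bot: ``new_file=`cbfs.sh -o $1 -l | grep -x $old_file` `` cannot tell "entry absent from the new ROM" from "listing failed", because a failing `cbfs.sh` also leaves `new_file` empty, and it hands the entry name to `grep` unquoted and as a regular expression. Listing once with a checked status and then matching with `new_file=$(printf '%s\n' "$new_list" | grep -xF -- "$old_file")` would be stricter. The reads from the running flash (`cbfs -t 50 -l`, `cbfs -t 50 -r`) stay on plain `cbfs` while flash_rom's `-r serial_number` read now goes through the wrapper; a one-line comment stating which is intended on PNOR boards would help the next reader. preserve_rom starts outside the hunk and may continue past it.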