diff --git a/blobs/x220/.gitignore b/blobs/x220/.gitignore
new file mode 100644
index 00000000..62887eff
--- /dev/null
+++ b/blobs/x220/.gitignore
@@ -0,0 +1,3 @@
+gbe.bin
+me.bin
+ifd.bin
diff --git a/blobs/x220/extract.sh b/blobs/x220/extract.sh
new file mode 100755
index 00000000..173ed7fc
--- /dev/null
+++ b/blobs/x220/extract.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+function printusage {
+ echo "Usage: $0 -f -m (optional) -i (optional)"
+ exit 0
+}
+
+if [ "$#" -eq 0 ]; then printusage; fi
+
+while getopts ":f:m:i:" opt; do
+ case $opt in
+ f)
+ FILE="$OPTARG"
+ ;;
+ m)
+ if [ -x "$OPTARG" ]; then
+ MECLEAN="$OPTARG"
+ fi
+ ;;
+ i)
+ if [ -x "$OPTARG" ]; then
+ IFDTOOL="$OPTARG"
+ fi
+ ;;
+ esac
+done
+
+if [ -z "$MECLEAN" ]; then
+ MECLEAN=`command -v me_cleaner.py 2>&1`
+ if [ -z "$MECLEAN" ]; then
+ echo "me_cleaner.py required but not found or specified with -m. Aborting."
+ exit 1;
+ fi
+fi
+
+if [ -z "$IFDTOOL" ]; then
+ IFDTOOL=`command -v ifdtool 2>&1`
+ if [ -z "$IFDTOOL" ]; then
+ echo "ifdtool required but not found or specified with -m. Aborting."
+ exit 1;
+ fi
+fi
+
+echo "FILE: $FILE"
+echo "ME: $MECLEAN"
+echo "IFD: $IFDTOOL"
+
+bioscopy=$(mktemp)
+extractdir=$(mktemp -d)
+BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+cp "$FILE" $bioscopy
+
+cd "$extractdir"
+$IFDTOOL -x $bioscopy
+cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin"
+$MECLEAN -O "$BLOBDIR/me.bin" -r -t "$extractdir/flashregion_2_intel_me.bin"
+$IFDTOOL -n "$BLOBDIR/layout.txt" $bioscopy
+$IFDTOOL -x $bioscopy.new
+cp "$extractdir/flashregion_0_flashdescriptor.bin" "$BLOBDIR/ifd.bin"
+
+rm "$bioscopy"
+rm "$bioscopy.new"
+rm -r "$extractdir"
diff --git a/blobs/x220/ifd.bin b/blobs/x220/ifd.bin
deleted file mode 100644
index b71c701a..00000000
Binary files a/blobs/x220/ifd.bin and /dev/null differ
diff --git a/blobs/x220/readme.md b/blobs/x220/readme.md
index d06a24d0..f8c2aabf 100644
--- a/blobs/x220/readme.md
+++ b/blobs/x220/readme.md
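Review bot: Nothing in extract.sh checks that `-f` was supplied or that any step succeeded, so when the dump is missing or `ifdtool`/`me_cleaner.py` fails the script prints errors, carries on, and still exits 0 from the final `rm`; any `me.bin`, `gbe.bin` or `ifd.bin` left over from an earlier run would then presumably be what the build picks up, including an ME image that was never cleaned. I would validate `$FILE` before the temp files are created, enable `set -e` for the extraction stage only (turning it on at the top would abort on the `command -v` lookups before their own messages print), quote `$bioscopy` and the tool variables, and move the three `rm` calls into an EXIT trap so the firmware copy is removed on failure too. Separately, a `-m` or `-i` path that is not executable is silently dropped in favour of whatever is on PATH, and the ifdtool message names `-m` where it means `-i`; both deserve an explicit error.

```shell
# … unchanged: printusage, getopts loop, me_cleaner/ifdtool lookup, FILE/ME/IFD echo …

if [ -z "$FILE" ] || [ ! -r "$FILE" ]; then
  echo "Firmware image not given with -f or not readable. Aborting." >&2
  exit 1
fi

# From here on a failing step stops the script with a non-zero status.
set -e

bioscopy=$(mktemp)
extractdir=$(mktemp -d)
# Remove the firmware copy and the extracted regions on every exit path.
trap 'rm -rf -- "$bioscopy" "$bioscopy.new" "$extractdir"' EXIT
# … unchanged: BLOBDIR assignment …

cp -- "$FILE" "$bioscopy"

cd "$extractdir"
"$IFDTOOL" -x "$bioscopy"
# … unchanged: gbe.bin copy …
"$MECLEAN" -O "$BLOBDIR/me.bin" -r -t "$extractdir/flashregion_2_intel_me.bin"
"$IFDTOOL" -n "$BLOBDIR/layout.txt" "$bioscopy"
"$IFDTOOL" -x "$bioscopy.new"
# … unchanged: ifd.bin copy; the trailing rm lines are replaced by the trap …
```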
@@ -1,7 +1,7 @@ To build for X220 we need to have the following files in this folder: * `me.bin` - ME binary that has been stripped and truncated with me_cleaner * `gbe.bin` - Network card blob from the original firmware -* `ifd.bin` - Flash layout file has been provided, layout.txt is also present for changes +* `ifd.bin` - Flash layout file has been provided as text To get the binaries, start with a copy of the original lenovo firmware image. If you do not have one already, you can read one out from the laptops SPI flash. @@ -10,22 +10,19 @@ If you do not have one already, you can read one out from the laptops SPI flash. flashrom --programmer internal:laptop=force_I_want_a_brick -r original.bin ``` -Once you have the image, run `ifdtool` to extract the parts. +Once you have the image, the provided extraction script will extract the files needed. ``` -ifdtool -x origin.bin +./extract.sh -f ``` -Rename `flashregion_3_gbe.bin` to `gbe.bin` +Use the options '-m' and '-i' to provide me_cleaner and ifdtool if they can not be located +automatically. -To truncate and neuter the ME blob (this can be done automatically in coreboot 4.6): - -``` -me_cleaner -r -t -O me.bin flashregion_2_intel_me.bin" -``` +The flash layout will be automatically adjusted and the ME image cleaned and truncated. You can now compile the image with: ``` -make CONFIG=config/x220-qubes.config +make CONFIG=config/x220-generic.config ``` diff --git a/config/x220-qubes.config b/config/x220-generic.config similarity index 58% rename from config/x220-qubes.config rename to config/x220-generic.config index a2ca71f1..3c8267c6 100644 --- a/config/x220-qubes.config +++ b/config/x220-generic.config @@ -1,4 +1,4 @@ -# Configuration for a x220 running Qubes OS +# Configuration for a x220 running non-Qubes BOARD=x220 CONFIG_CRYPTSETUP=y 
@@ -18,8 +18,9 @@ CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -CONFIG_BOOTSCRIPT=/bin/qubes-init +CONFIG_BOOTSCRIPT=/bin/generic-init -# Disks encrypted by the TPM LUKS key -CONFIG_QUBES_BOOT_DEV="/dev/sda1" -CONFIG_QUBES_VG="qubes_dom0" +CONFIG_BOOT_REQ_HASH=n +CONFIG_BOOT_REQ_ROLLBACK=n +CONFIG_BOOT_DEV="/dev/sda1" +CONFIG_USB_BOOT_DEV="/dev/sdb1"
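Review bot: `CONFIG_BOOT_REQ_HASH=n` and `CONFIG_BOOT_REQ_ROLLBACK=n` are added without a comment, while the comment that explained the removed disk settings is dropped. Going by their names (to be confirmed against `/bin/generic-init`, which is not on this page), they make the boot hash check and the rollback check optional, a weaker default than someone copying a "generic" config may expect. A line such as `# Boot does not require verified hashes or a rollback counter; set both to y to enforce them` above the pair would make the trade-off visible. `CONFIG_BOOT_DEV="/dev/sda1"` and `CONFIG_USB_BOOT_DEV="/dev/sdb1"` also assume a fixed enumeration order, so I would add `# Adjust to the machine's disk layout; device names depend on enumeration order` above them.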