From 6f48c14d0c9b24148d60025c50355bb9bb6d439f Mon Sep 17 00:00:00 2001 From: Johan Grip Date: Fri, 4 Aug 2017 22:48:27 +0200 Subject: [PATCH] Update X220 to do generic image instead of qubes. Also added a script to extract the necessary blobs from a bios dump image. --- blobs/x220/.gitignore | 3 + blobs/x220/extract.sh | 64 ++++++++++++++++++ blobs/x220/ifd.bin | Bin 4096 -> 0 bytes blobs/x220/readme.md | 17 ++--- ...{x220-qubes.config => x220-generic.config} | 11 +-- 5 files changed, 80 insertions(+), 15 deletions(-) create mode 100644 blobs/x220/.gitignore create mode 100755 blobs/x220/extract.sh delete mode 100644 blobs/x220/ifd.bin rename config/{x220-qubes.config => x220-generic.config} (58%) diff --git a/blobs/x220/.gitignore b/blobs/x220/.gitignore new file mode 100644 index 00000000..62887eff --- /dev/null +++ b/blobs/x220/.gitignore @@ -0,0 +1,3 @@ +gbe.bin +me.bin +ifd.bin diff --git a/blobs/x220/extract.sh b/blobs/x220/extract.sh new file mode 100755 index 00000000..173ed7fc --- /dev/null +++ b/blobs/x220/extract.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +function printusage { + echo "Usage: $0 -f -m (optional) -i (optional)" + exit 0 +} + +if [ "$#" -eq 0 ]; then printusage; fi + +while getopts ":f:m:i:" opt; do + case $opt in + f) + FILE="$OPTARG" + ;; + m) + if [ -x "$OPTARG" ]; then + MECLEAN="$OPTARG" + fi + ;; + i) + if [ -x "$OPTARG" ]; then + IFDTOOL="$OPTARG" + fi + ;; + esac +done + +if [ -z "$MECLEAN" ]; then + MECLEAN=`command -v me_cleaner.py 2>&1` + if [ -z "$MECLEAN" ]; then + echo "me_cleaner.py required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +if [ -z "$IFDTOOL" ]; then + IFDTOOL=`command -v ifdtool 2>&1` + if [ -z "$IFDTOOL" ]; then + echo "ifdtool required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +echo "FILE: $FILE" +echo "ME: $MECLEAN" +echo "IFD: $IFDTOOL" + +bioscopy=$(mktemp) +extractdir=$(mktemp -d) +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +cp "$FILE" $bioscopy + +cd "$extractdir" +$IFDTOOL -x $bioscopy +cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin" +$MECLEAN -O "$BLOBDIR/me.bin" -r -t "$extractdir/flashregion_2_intel_me.bin" +$IFDTOOL -n "$BLOBDIR/layout.txt" $bioscopy +$IFDTOOL -x $bioscopy.new +cp "$extractdir/flashregion_0_flashdescriptor.bin" "$BLOBDIR/ifd.bin" + +rm "$bioscopy" +rm "$bioscopy.new" +rm -r "$extractdir" diff --git a/blobs/x220/ifd.bin b/blobs/x220/ifd.bin deleted file mode 100644 index b71c701a0a7c98e0fa13e2b0619c15b86f73faa5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4096 zcmezW9~DF`{lL%6z{1SNBp{@~sK}toz`%g4LWN<1Cr}6sK;j^VB*TApW(ElcMg}H^ z|NN-xK|BzaVC3LHHfOM~o30CZ@H2vZ5e_04m>!-0)5t^vFN1*#gCoOq28Nl);&sdr z9utrnEdC+Y9Uvc&s%KRFXb6mkz-S1JhQMeDjE2By2#kinXb6mkz|aVRLki*ytO~3O z?;RlYepPPnBLh7{Lqkjax`vl50D1%{SpWb4 diff --git a/blobs/x220/readme.md b/blobs/x220/readme.md index d06a24d0..f8c2aabf 100644 --- a/blobs/x220/readme.md +++ b/blobs/x220/readme.md @@ -1,7 +1,7 @@ To build for X220 we need to have the following files in this folder: * `me.bin` - ME binary that has been stripped and truncated with me_cleaner * `gbe.bin` - Network card blob from the original firmware -* `ifd.bin` - Flash layout file has been provided, layout.txt is also present for changes +* `ifd.bin` - Flash layout file has been provided as text To get the binaries, start with a copy of the original lenovo firmware image. If you do not have one already, you can read one out from the laptops SPI flash. @@ -10,22 +10,19 @@ If you do not have one already, you can read one out from the laptops SPI flash. flashrom --programmer internal:laptop=force_I_want_a_brick -r original.bin ``` -Once you have the image, run `ifdtool` to extract the parts. +Once you have the image, the provided extraction script will extract the files needed. ``` -ifdtool -x origin.bin +./extract.sh -f ``` -Rename `flashregion_3_gbe.bin` to `gbe.bin` +Use the options '-m' and '-i' to provide me_cleaner and ifdtool if they can not be located +automatically. -To truncate and neuter the ME blob (this can be done automatically in coreboot 4.6): - -``` -me_cleaner -r -t -O me.bin flashregion_2_intel_me.bin" -``` +The flash layout will be automatically adjusted and the ME image cleaned and truncated. You can now compile the image with: ``` -make CONFIG=config/x220-qubes.config +make CONFIG=config/x220-generic.config ``` diff --git a/config/x220-qubes.config b/config/x220-generic.config similarity index 58% rename from config/x220-qubes.config rename to config/x220-generic.config index a2ca71f1..3c8267c6 100644 --- a/config/x220-qubes.config +++ b/config/x220-generic.config @@ -1,4 +1,4 @@ -# Configuration for a x220 running Qubes OS +# Configuration for a x220 running non-Qubes BOARD=x220 CONFIG_CRYPTSETUP=y @@ -18,8 +18,9 @@ CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -CONFIG_BOOTSCRIPT=/bin/qubes-init +CONFIG_BOOTSCRIPT=/bin/generic-init -# Disks encrypted by the TPM LUKS key -CONFIG_QUBES_BOOT_DEV="/dev/sda1" -CONFIG_QUBES_VG="qubes_dom0" +CONFIG_BOOT_REQ_HASH=n +CONFIG_BOOT_REQ_ROLLBACK=n +CONFIG_BOOT_DEV="/dev/sda1" +CONFIG_USB_BOOT_DEV="/dev/sdb1"