ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-04-11 13:20:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

get_blobs: extract blobs from precompiled Purism coreboot images

Browse Source 
Rather than download large repositories of files from sources we
don't control and patch files as needed, simply extract the
files from precompiled, known good Purism coreboot images.

This offers multiple advantages:
 - single source for all blobs, which we control
 - significantly smaller download requirements for end user
 - significantly less script complexity
 - much, much faster

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
This commit is contained in:
Matt DeVillier 2019-03-01 01:10:09 -06:00
parent 6612352a60
commit 92fdb0392b
2 changed files with 168 additions and 387 deletions
blobs
librem_kbl
get_blobs.sh
librem_skl
get_blobs.sh

280
blobs/librem_kbl/get_blobs.sh

@ -1,48 +1,32 @@
#!/bin/bash -e
# depends on : wget sha256sum python2.7 bspatch pv
# depends on : wget sha256sum gunzip
# Purism source
PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/master"
# Librem 13 v4 and Librem 15 v4 binary blob hashes
KBL_UCODE_SHA="a420274eecca369fcca465cc46725d61c0ae8ca2e18f201b1751faf9e081fb2e"
KBL_ME_NOCONF_SHA="912271bb3ff2cf0e2e27ccfb94337baaca027e6c90b4245f9807a592c8a652e1"
KBL_ME_SHA="9c91052d457890c4a451c6ab69aabeeac98c95dce50cf462aa5c179236a27ba1"
KBL_FSP_SHA="74e579604bdc3eb6527f7add384d6b18e16eee76953748b226fe05129d83b419"
KBL_FSPM_SHA="b6431369b921df1c3ec01498e04e9dab331aa5b5fc4fbbb67b03ea87de27cd96"
KBL_DESCRIPTOR_SHA="642ca36f52aabb5198b82e013bf64a73a5148693a58376fffce322a4d438b524"
KBL_ME_SHA="0eec2e1135193941edd39d0ec0f463e353d0c6c9068867a2f32a72b64334fb34"
KBL_FSPM_SHA="5da3ad7718eb3f6700fb9d97be988d9c8bdd2d8b5910273a80928c49122d5b2d"
KBL_FSPS_SHA="c81ffa40df0b6cd6cfde4f476d452a1f6f2217bc96a3b98a4fa4a037ee7039cf"
KBL_VBT_SHA="0ba40c1b8c0fb030a0e1a789eda8b2a7369339a410ad8c4620719e451ea69b98"
# Microcode, FSP downloadable from Github
KBL_UCODE_URL="https://github.com/platomav/CPUMicrocodes/raw/0d88b2eba0c9930e69180423d3fb9f348d5ca14f/Intel/cpu806E9_platC0_ver0000009A_2018-07-16_PRD_DDFC5B64.bin"
KBL_FSP_URL="https://github.com/IntelFsp/FSP/raw/324ffc02523bf23a907a3ff305b43b5047adf1c5/KabylakeFspBinPkg/Fsp.fd"
KBL_VBT_URL="https://github.com/IntelFsp/FSP/raw/324ffc02523bf23a907a3ff305b43b5047adf1c5/KabylakeFspBinPkg/SampleCode/Vbt/Vbt.bin"
KBL_FSP_SPLIT_URL="https://raw.githubusercontent.com/tianocore/edk2/e8a70885d8f34533b6dd69878fe95a249e9af086/IntelFsp2Pkg/Tools/SplitFspBin.py"
KBL_FSP_SPLIT_SHA="f654f6363de68ad78b1baf8b8e573b53715c3bc76f7f3c23562641e49a7033f3"
# cbfstool, ifdtool, coreboot image from Purism repo
CBFSTOOL_FILE="cbfstool.gz"
CBFSTOOL_URL="$PURISM_SOURCE/tools/$CBFSTOOL_FILE"
CBFSTOOL_SHA="3994cba01a51dd34388c8be89fd329f91575c12e499dfe1b81975d9fd115ce58"
CBFSTOOL_BIN="./cbfstool"
# Firmware descriptor from purism repo
KBL_DESCRIPTOR_URL="https://source.puri.sm/coreboot/coreboot-files/raw/master/descriptor-skl.bin"
KBL_DESCRIPTOR_SHA="d5110807c9d67cea6d546ac62125d87042a868177241be4ae17a2dbedef10017"
IFDTOOL_FILE="ifdtool.gz"
IFDTOOL_URL="$PURISM_SOURCE/tools/$IFDTOOL_FILE"
IFDTOOL_SHA="08228ece4968794499ebd49a851f7d3f7f1b81352da8cd6e0c7916ac931a7d72"
IFDTOOL_BIN="./ifdtool"
# ME Cleaner from github
ME_CLEANER_URL="https://github.com/corna/me_cleaner/raw/9e1611fdf21426d66a29a5ea62b7e30d512859e6/me_cleaner.py"
ME_CLEANER_SHA="412e95538c46d6d4d456987a8897b3d0ad1df118c51378a350540eef51c242d4"
# Intel ME binaries (unconfigured)
# Link found on : http://www.win-raid.com/t832f39-Intel-Engine-Firmware-Repositories.html
# Update link if it changes and becomes invalid.
KBL_ME_RAR_URL="https://mega.nz/#!6JlAla6a!hvulc0ZYCj19OzOZoyKimZSh8bxHw9Qmy6bQ8h_xKTU"
KBL_ME_FILENAME="11.6.0.1126_CON_LP_C_NPDM_PRD_RGN.bin"
KBL_ME_FULL_FILENAME="Intel CSME 11.6 Firmware Repository Pack r28/$KBL_ME_FILENAME"
KBL_ME_RAR_SHA="3c23134fca8de7c9b47dd4d62498bcde549ad07565d158c69f4ed33f9bda8270"
KBL_ME_PATCH="me11.6.0.1126_config.bspatch"
KBL_ME_PATCH_URL="https://source.puri.sm/coreboot/coreboot-files/raw/master/$KBL_ME_PATCH"
KBL_ME_PATCH_SHA="63a245326979777b102da8df2f278c590c60c2cd6b4911d3ac430d3feb02646e"
# Needed to download KBL_ME_RAR_URL
MEGADOWN_URL="https://github.com/tonikelope/megadown.git"
MEGADOWN_GOOD_COMMIT="83c53ddad1c32bf6d35c61fcd12a2fa94271ff77"
# Might be required to compile unrar in case unrar-nonfree is not installed
RAR_NONFREE_SOURCE_URL="https://www.rarlab.com/rar/unrarsrc-5.5.8.tar.gz"
RAR_NONFREE_SOURCE_SHA="9b66e4353a9944bc140eb2a919ff99482dd548f858f5e296d809e8f7cdb2fcf4"
COREBOOT_IMAGE="coreboot-l13v4.rom"
COREBOOT_IMAGE_FILE="$COREBOOT_IMAGE.gz"
COREBOOT_IMAGE_URL="$PURISM_SOURCE/librem_13v4/$COREBOOT_IMAGE_FILE"
COREBOOT_IMAGE_SHA="4491efd0a8b2de5a88fd7491a5d2605884ed956c3d271d7761906269b4cfb601"
die () {
local msg=$1
@ -52,187 +36,89 @@ die () {
exit 1
}
check_binary () {
local filename=$1
local hash=$2
if [ ! -f "$filename" ]; then
die "Binary blob file '$filename' does not exist"
fi
sha=$(sha256sum "$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Extracted binary '$filename' has the wrong SHA256 hash"
fi
}
check_and_get_url () {
filename=$1
url=$2
hash=$3
description=$4
local filename=$1
local url=$2
local hash=$3
local description=$4
if [ -f "$filename" ]; then
sha=$(sha256sum "$filename" | awk '{print $1}')
fi
if [ "$sha" != "$hash" ]; then
wget -O "$filename" "$url"
echo " Downloading $description..."
wget -O "$filename" "$url" >/dev/null 2>&1
sha=$(sha256sum "$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Downloaded $description has the wrong SHA256 hash"
fi
if [ "${filename: -3}" == ".gz" ]; then
gunzip -k $filename
fi
fi
}
get_and_split_fsp () {
fsp="fsp.fd"
fsp_M="fsp_M.fd"
fsp_S="fsp_S.fd"
fsp_T="fsp_T.fd"
fspm="fspm.bin"
fsps="fsps.bin"
fsp_split="SplitFspBin.py"
check_and_get_blob () {
local filename=$1
local hash=$2
local description=$3
if [ -f "$fspm" ]; then
fspm_sha=$(sha256sum "$fspm" | awk '{print $1}')
echo "Checking $filename"
if [ -f "$filename" ]; then
sha=$(sha256sum "$filename" | awk '{print $1}')
fi
if [ -f "$fsps" ]; then
fsps_sha=$(sha256sum "$fsps" | awk '{print $1}')
fi
# No FSP-M or FSP-S
if [ "$fspm_sha" != "$KBL_FSPM_SHA" ] || [ "$fsps_sha" != "$KBL_FSPS_SHA" ]; then
if [ -f "$fsp" ]; then
fsp_sha=$(sha256sum "$fsp" | awk '{print $1}')
fi
# No FSP.fd
if [ "$fsp_sha" != "$KBL_FSP_SHA" ]; then
wget -O "$fsp" "$KBL_FSP_URL"
fsp_sha=$(sha256sum "$fsp" | awk '{print $1}')
if [ "$fsp_sha" != "$KBL_FSP_SHA" ]; then
die "Downloaded FSP image has the wrong SHA256 hash"
fi
fi
# No FspSplit
if [ -f "$fsp_split" ]; then
split_sha=$(sha256sum "$fsp_split" | awk '{print $1}')
fi
if [ "$split_sha" != "$KBL_FSP_SHA" ]; then
wget -O "$fsp_split" "$KBL_FSP_SPLIT_URL"
split_sha=$(sha256sum "$fsp_split" | awk '{print $1}')
if [ "$split_sha" != "$KBL_FSP_SPLIT_SHA" ]; then
die "Downloaded FSP Split Tool has the wrong SHA256 hash"
fi
fi
python2 "$fsp_split" split -f "$fsp"
if [ -f "$fsp_M" ]; then
mv "$fsp_M" "$fspm"
fi
if [ -f "$fsp_S" ]; then
mv "$fsp_S" "$fsps"
fi
fspm_sha=$(sha256sum "$fspm" | awk '{print $1}')
fsps_sha=$(sha256sum "$fsps" | awk '{print $1}')
if [ "$fspm_sha" != "$KBL_FSPM_SHA" ] || [ "$fsps_sha" != "$KBL_FSPS_SHA" ]; then
die "Extracted FSP images have the wrong SHA256 hash"
fi
rm -f "$fsp"
rm -f "$fsp_split"
rm -f "$fsp_T"
fi
}
get_and_patch_me_11 () {
if [ -f "me.bin" ]; then
sha=$(sha256sum "me.bin" | awk '{print $1}')
fi
if [ "$sha" != "$KBL_ME_SHA" ]; then
local rar_filename=me_11_repository.rar
local unrar='unrar-nonfree'
if [ -f "$rar_filename" ]; then
sha=$(sha256sum "$rar_filename" | awk '{print $1}')
fi
if ! type "$unrar" &> /dev/null; then
wget -O unrar.tar.gz "$RAR_NONFREE_SOURCE_URL"
sha=$(sha256sum unrar.tar.gz | awk '{print $1}')
if [ "$sha" != "$RAR_NONFREE_SOURCE_SHA" ]; then
die "Unrar source package has the wrong SHA256 hash"
fi
tar -xzvf unrar.tar.gz
(
cd unrar
make
)
unrar="`pwd`/unrar/unrar"
fi
if [ "$sha" != "$KBL_ME_RAR_SHA" ]; then
if [ ! -d megadown ]; then
git clone $MEGADOWN_URL
fi
(
cd megadown
git checkout $MEGADOWN_GOOD_COMMIT
echo -e "\n\nDownloading ME 11 Repository from $KBL_ME_RAR_URL"
echo "Please be patient while the download finishes..."
rm -f ../$rar_filename 2> /dev/null
./megadown "$KBL_ME_RAR_URL" -o ../$rar_filename 2>/dev/null
)
sha=$(sha256sum "$rar_filename" | awk '{print $1}')
if [ "$sha" != "$KBL_ME_RAR_SHA" ]; then
# We'll assume the rar file was updated again
me_dirname=$("$unrar" l "$rar_filename" | grep '\.\.\.D\.\.\.' | tr -s [:blank:] | cut -d' ' -f 6-)
KBL_ME_FULL_FILENAME="$me_dirname/$KBL_ME_FILENAME"
fi
fi
if type "$unrar" &> /dev/null; then
"$unrar" e -y "$rar_filename" "$KBL_ME_FULL_FILENAME"
if [ "$sha" != "$hash" ]; then
# get tools
check_and_get_tools
# extract from coreboot image
check_and_get_url $COREBOOT_IMAGE_FILE $COREBOOT_IMAGE_URL $COREBOOT_IMAGE_SHA "precompiled coreboot image"
echo "Extracting $filename"
if [ $filename = "descriptor.bin" ]; then
$IFDTOOL_BIN -x $COREBOOT_IMAGE >/dev/null 2>&1
mv flashregion_0_flashdescriptor.bin descriptor.bin
echo "Extracting me.bin"
mv flashregion_2_intel_me.bin me.bin
rm flashregion_* > /dev/null 2>&1
elif [ $filename = "me.bin" ]; then
$IFDTOOL_BIN -x $COREBOOT_IMAGE >/dev/null 2>&1
mv flashregion_2_intel_me.bin me.bin
rm flashregion_* > /dev/null 2>&1
else
die "Couldn't extract ME image. Requires unrar-nonfree"
$CBFSTOOL_BIN $COREBOOT_IMAGE extract -n $filename -f $filename >/dev/null 2>&1
fi
sha=""
if [ -f "$KBL_ME_FILENAME" ]; then
sha=$(sha256sum "$KBL_ME_FILENAME" | awk '{print $1}')
sha=$(sha256sum "$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Downloaded $description has the wrong SHA256 hash"
fi
if [ "$sha" != "$KBL_ME_NOCONF_SHA" ]; then
die "Couldn't extract ME image with the correct SHA256 hash"
fi
check_and_get_url $KBL_ME_PATCH $KBL_ME_PATCH_URL $KBL_ME_PATCH_SHA "ME Patch"
bspatch "$KBL_ME_FILENAME" "me.bin" "$KBL_ME_PATCH"
rm -f "$KBL_ME_PATCH"
rm -f "$KBL_ME_FILENAME"
rm -f "$rar_filename"
fi
}
apply_me_cleaner() {
if [ -f "me_cleaner.py" ]; then
sha=$(sha256sum "me_cleaner.py" | awk '{print $1}')
fi
if [ "$sha" != "$ME_CLEANER_SHA" ]; then
wget -O "me_cleaner.py" "$ME_CLEANER_URL"
sha=$(sha256sum "me_cleaner.py" | awk '{print $1}')
if [ "$sha" != "$ME_CLEANER_SHA" ]; then
die "Downloaded ME Cleaner has the wrong SHA256 hash"
fi
fi
cat descriptor.bin me.bin > desc_me.bin
python2 "me_cleaner.py" -s desc_me.bin
python2 "me_cleaner.py" -w "MFS" me.bin
dd if=desc_me.bin of=descriptor.bin bs=4096 count=1
rm -f desc_me.bin
rm -f me_cleaner.py
}
check_and_get_url descriptor.bin $KBL_DESCRIPTOR_URL $KBL_DESCRIPTOR_SHA "Intel Flash Descriptor"
check_binary descriptor.bin $KBL_DESCRIPTOR_SHA
get_and_patch_me_11
check_binary me.bin $KBL_ME_SHA
apply_me_cleaner
get_and_split_fsp
check_binary fspm.bin $KBL_FSPM_SHA
check_binary fsps.bin $KBL_FSPS_SHA
check_and_get_url vbt.bin $KBL_VBT_URL $KBL_VBT_SHA "Video BIOS Table"
check_and_get_url cpu_microcode_blob.bin $KBL_UCODE_URL $KBL_UCODE_SHA "Intel Microcode Update"
echo ""
echo "Blobs have been downloaded/verified and are ready for use"
check_and_get_tools() {
check_and_get_url $CBFSTOOL_FILE $CBFSTOOL_URL $CBFSTOOL_SHA "cbfstool"
chmod +x $CBFSTOOL_BIN
check_and_get_url $IFDTOOL_FILE $IFDTOOL_URL $IFDTOOL_SHA "ifdtool"
chmod +x $IFDTOOL_BIN
}
# get tools for extraction
#check_and_get_tools
# get/verify blobs
check_and_get_blob descriptor.bin $KBL_DESCRIPTOR_SHA "Intel Flash Descriptor"
check_and_get_blob me.bin $KBL_ME_SHA "Intel ME firmware"
check_and_get_blob fspm.bin $KBL_FSPM_SHA "FSP-M"
check_and_get_blob fsps.bin $KBL_FSPS_SHA "FSP-S"
check_and_get_blob vbt.bin $KBL_VBT_SHA "Video BIOS Table"
check_and_get_blob cpu_microcode_blob.bin $KBL_UCODE_SHA "Intel Microcode Update"
#clean up after ourselves
rm -f $CBFSTOOL_BIN >/dev/null 2>&1
rm -f $IFDTOOL_BIN >/dev/null 2>&1
rm -f $COREBOOT_IMAGE >/dev/null 2>&1
rm -f *.gz >/dev/null 2>&1
echo ""
echo "All blobs have been verified and are ready for use"

275
blobs/librem_skl/get_blobs.sh

@ -1,43 +1,32 @@
#!/bin/bash -e
# depends on : wget sha256sum python2.7 bspatch pv
# depends on : wget sha256sum gunzip
# Librem 13 v2 and Librem 15 v3 binary blob hashes
# Purism source
PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/master"
# Librem 13 v2/v3 and Librem 15 v3 binary blob hashes
SKL_UCODE_SHA="9c84936df700d74612a99e6ab581640ecf423d25a0b74a1ea23a6d9872349213"
SKL_DESCRIPTOR_SHA="d5110807c9d67cea6d546ac62125d87042a868177241be4ae17a2dbedef10017"
SKL_ME_NOCONF_SHA="70f07be7934bdbb215c66455a2b0d32651f3b2ecaf2519d83d8ca9cf475cc366"
SKL_ME_SHA="3042150c7f655293a69bcf886836732fc451439ae551a2babf3173f4f0d9a8d3"
SKL_FSP_SHA="a7dfec436f5a21a66b5a455775599d73a95170a3446849a34e89a64a2bb69820"
SKL_FSPM_SHA="7a1acc72073969e6753bbfe145f06c3f4d35e2516cb241641eae968705e2cc46"
SKL_FSPS_SHA="0dac94d249473e9d366597fd1f96a0232fb7bf045a3d08f16784961273351822"
SKL_VBT_SHA="51fa214ca44a61b171662d4c2ca6adc1aa3dc6c3d7a24bf9ae5f249f012d61c0"
SKL_DESCRIPTOR_SHA="642ca36f52aabb5198b82e013bf64a73a5148693a58376fffce322a4d438b524"
SKL_ME_SHA="cf06d3eb8b24490a1ab46fd988b6cef822e5347cd6a2e92bc332cb4a376eb8bc"
SKL_FSPM_SHA="5da3ad7718eb3f6700fb9d97be988d9c8bdd2d8b5910273a80928c49122d5b2d"
SKL_FSPS_SHA="c81ffa40df0b6cd6cfde4f476d452a1f6f2217bc96a3b98a4fa4a037ee7039cf"
SKL_VBT_SHA="0ba40c1b8c0fb030a0e1a789eda8b2a7369339a410ad8c4620719e451ea69b98"
# FSP downloadable from Github
SKL_UCODE_URL="https://github.com/platomav/CPUMicrocodes/raw/bfb23e48eb84dff1495d1c8789f133a1b684de27/Intel/cpu406E3_platC0_ver000000C2_2017-11-16_PRD_C6C6F699.bin"
SKL_FSP_URL="https://github.com/IntelFsp/FSP/raw/8267cde09763c0c699704fbae10e6bd121f01b6a/KabylakeFspBinPkg/Fsp.fd"
SKL_VBT_URL="https://github.com/IntelFsp/FSP/raw/8267cde09763c0c699704fbae10e6bd121f01b6a/KabylakeFspBinPkg/SampleCode/Vbt/Vbt.bin"
SKL_FSP_SPLIT_URL="https://raw.githubusercontent.com/tianocore/edk2/e8a70885d8f34533b6dd69878fe95a249e9af086/IntelFsp2Pkg/Tools/SplitFspBin.py"
SKL_FSP_SPLIT_SHA="f654f6363de68ad78b1baf8b8e573b53715c3bc76f7f3c23562641e49a7033f3"
ME_CLEANER_URL="https://github.com/corna/me_cleaner/raw/9e1611fdf21426d66a29a5ea62b7e30d512859e6/me_cleaner.py"
ME_CLEANER_SHA="412e95538c46d6d4d456987a8897b3d0ad1df118c51378a350540eef51c242d4"
# cbfstool, ifdtool, coreboot image from Purism repo
CBFSTOOL_FILE="cbfstool.gz"
CBFSTOOL_URL="$PURISM_SOURCE/tools/$CBFSTOOL_FILE"
CBFSTOOL_SHA="3994cba01a51dd34388c8be89fd329f91575c12e499dfe1b81975d9fd115ce58"
CBFSTOOL_BIN="./cbfstool"
SKL_DESCRIPTOR_URL="https://source.puri.sm/coreboot/coreboot-files/raw/master/descriptor-skl.bin"
SKL_ME_PATCH_URL="https://source.puri.sm/coreboot/coreboot-files/raw/master/me11.0.18_config.bspatch"
SKL_ME_PATCH_SHA="49019f89206d6371b1377cf738426c3b0ac60c4b1bb89d5d5de00481e7e4fece"
IFDTOOL_FILE="ifdtool.gz"
IFDTOOL_URL="$PURISM_SOURCE/tools/$IFDTOOL_FILE"
IFDTOOL_SHA="08228ece4968794499ebd49a851f7d3f7f1b81352da8cd6e0c7916ac931a7d72"
IFDTOOL_BIN="./ifdtool"
# Link found on : http://www.win-raid.com/t832f39-Intel-Engine-Firmware-Repositories.html
# Update link if it changes and becomes invalid.
SKL_ME_RAR_URL="https://mega.nz/#!2ElyFQDT!cC0gTlH8rB9EWD4MGX0mVElT94BauqFn-dBKuoEselc"
SKL_ME_FILENAME="11.0.18.1002_CON_LP_C_NPDM_PRD_RGN.bin"
SKL_ME_FULL_FILENAME="Intel CSME 11.0 Firmware Repository Pack r53/$SKL_ME_FILENAME"
SKL_ME_RAR_SHA="1450d7ea985fbcf0ea79ba61bdc71ed3c5de52a6a82f14c07120b6b321e97352"
# Needed to download SKL_ME_RAR_URL
MEGADOWN_URL="https://github.com/tonikelope/megadown.git"
MEGADOWN_GOOD_COMMIT="83c53ddad1c32bf6d35c61fcd12a2fa94271ff77"
# Might be required to compile unrar in case unrar-nonfree is not installed
RAR_NONFREE_SOURCE_URL="https://www.rarlab.com/rar/unrarsrc-5.5.8.tar.gz"
RAR_NONFREE_SOURCE_SHA="9b66e4353a9944bc140eb2a919ff99482dd548f858f5e296d809e8f7cdb2fcf4"
COREBOOT_IMAGE="coreboot-l13v3.rom"
COREBOOT_IMAGE_FILE="$COREBOOT_IMAGE.gz"
COREBOOT_IMAGE_URL="$PURISM_SOURCE/librem_13v3/$COREBOOT_IMAGE_FILE"
COREBOOT_IMAGE_SHA="34276a7b82624cfb29aed688df7f2b4e747a9e951196e376732e972c8575ece6"
die () {
local msg=$1
@ -47,183 +36,89 @@ die () {
exit 1
}
check_binary () {
local filename=$1
local hash=$2
if [ ! -f "$filename" ]; then
die "Binary blob file '$filename' does not exist"
fi
sha=$(sha256sum "$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Extracted binary '$filename' has the wrong SHA256 hash"
fi
}
check_and_get_url () {
filename=$1
url=$2
hash=$3
description=$4
local filename=$1
local url=$2
local hash=$3
local description=$4
if [ -f "$filename" ]; then
sha=$(sha256sum "$filename" | awk '{print $1}')
fi
if [ "$sha" != "$hash" ]; then
wget -O "$filename" "$url"
echo " Downloading $description..."
wget -O "$filename" "$url" >/dev/null 2>&1
sha=$(sha256sum "$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Downloaded $description has the wrong SHA256 hash"
fi
if [ "${filename: -3}" == ".gz" ]; then
gunzip -k $filename
fi
fi
}
get_and_split_fsp () {
fsp="fsp.fd"
fsp_M="fsp_M.fd"
fsp_S="fsp_S.fd"
fsp_T="fsp_T.fd"
fspm="fspm.bin"
fsps="fsps.bin"
fsp_split="SplitFspBin.py"
check_and_get_blob () {
local filename=$1
local hash=$2
local description=$3
if [ -f "$fspm" ]; then
fspm_sha=$(sha256sum "$fspm" | awk '{print $1}')
echo "Checking $filename"
if [ -f "$filename" ]; then
sha=$(sha256sum "$filename" | awk '{print $1}')
fi
if [ -f "$fsps" ]; then
fsps_sha=$(sha256sum "$fsps" | awk '{print $1}')
fi
# No FSP-M or FSP-S
if [ "$fspm_sha" != "$SKL_FSPM_SHA" ] || [ "$fsps_sha" != "$SKL_FSPS_SHA" ]; then
if [ -f "$fsp" ]; then
fsp_sha=$(sha256sum "$fsp" | awk '{print $1}')
fi
# No FSP.fd
if [ "$fsp_sha" != "$SKL_FSP_SHA" ]; then
wget -O "$fsp" "$SKL_FSP_URL"
fsp_sha=$(sha256sum "$fsp" | awk '{print $1}')
if [ "$fsp_sha" != "$SKL_FSP_SHA" ]; then
die "Downloaded FSP image has the wrong SHA256 hash"
fi
fi
# No FspSplit
if [ -f "$fsp_split" ]; then
split_sha=$(sha256sum "$fsp_split" | awk '{print $1}')
fi
if [ "$split_sha" != "$SKL_FSP_SHA" ]; then
wget -O "$fsp_split" "$SKL_FSP_SPLIT_URL"
split_sha=$(sha256sum "$fsp_split" | awk '{print $1}')
if [ "$split_sha" != "$SKL_FSP_SPLIT_SHA" ]; then
die "Downloaded FSP Split Tool has the wrong SHA256 hash"
fi
fi
python2 "$fsp_split" split -f "$fsp"
if [ -f "$fsp_M" ]; then
mv "$fsp_M" "$fspm"
fi
if [ -f "$fsp_S" ]; then
mv "$fsp_S" "$fsps"
fi
fspm_sha=$(sha256sum "$fspm" | awk '{print $1}')
fsps_sha=$(sha256sum "$fsps" | awk '{print $1}')
if [ "$fspm_sha" != "$SKL_FSPM_SHA" ] || [ "$fsps_sha" != "$SKL_FSPS_SHA" ]; then
die "Extracted FSP images have the wrong SHA256 hash"
fi
rm -f "$fsp"
rm -f "$fsp_split"
rm -f "$fsp_T"
fi
}
get_and_patch_me_11 () {
if [ -f "me.bin" ]; then
sha=$(sha256sum "me.bin" | awk '{print $1}')
fi
if [ "$sha" != "$SKL_ME_SHA" ]; then
local rar_filename=me_11_repository.rar
local unrar='unrar-nonfree'
if [ -f "$rar_filename" ]; then
sha=$(sha256sum "$rar_filename" | awk '{print $1}')
fi
if ! type "$unrar" &> /dev/null; then
wget -O unrar.tar.gz "$RAR_NONFREE_SOURCE_URL"
sha=$(sha256sum unrar.tar.gz | awk '{print $1}')
if [ "$sha" != "$RAR_NONFREE_SOURCE_SHA" ]; then
die "Unrar source package has the wrong SHA256 hash"
fi
tar -xzvf unrar.tar.gz
(
cd unrar
make
)
unrar="`pwd`/unrar/unrar"
fi
if [ "$sha" != "$SKL_ME_RAR_SHA" ]; then
if [ ! -d megadown ]; then
git clone $MEGADOWN_URL
fi
(
cd megadown
git checkout $MEGADOWN_GOOD_COMMIT
echo -e "\n\nDownloading ME 11 Repository from $SKL_ME_RAR_URL"
echo "Please be patient while the download finishes..."
./megadown "$SKL_ME_RAR_URL" -o ../$rar_filename 2>/dev/null
)
sha=$(sha256sum "$rar_filename" | awk '{print $1}')
if [ "$sha" != "$SKL_ME_RAR_SHA" ]; then
# We'll assume the rar file was updated again
me_dirname=$("$unrar" l "$rar_filename" | grep '\.\.\.D\.\.\.' | tr -s [:blank:] | cut -d' ' -f 6-)
SKL_ME_FULL_FILENAME="$me_dirname/$SKL_ME_FILENAME"
fi
fi
if type "$unrar" &> /dev/null; then
"$unrar" e -y "$rar_filename" "$SKL_ME_FULL_FILENAME"
if [ "$sha" != "$hash" ]; then
# get tools
check_and_get_tools
# extract from coreboot image
check_and_get_url $COREBOOT_IMAGE_FILE $COREBOOT_IMAGE_URL $COREBOOT_IMAGE_SHA "precompiled coreboot image"
echo "Extracting $filename"
if [ $filename = "descriptor.bin" ]; then
$IFDTOOL_BIN -x $COREBOOT_IMAGE >/dev/null 2>&1
mv flashregion_0_flashdescriptor.bin descriptor.bin
echo "Extracting me.bin"
mv flashregion_2_intel_me.bin me.bin
rm flashregion_* > /dev/null 2>&1
elif [ $filename = "me.bin" ]; then
$IFDTOOL_BIN -x $COREBOOT_IMAGE >/dev/null 2>&1
mv flashregion_2_intel_me.bin me.bin
rm flashregion_* > /dev/null 2>&1
else
die "Couldn't extract ME image. Requires unrar-nonfree"
$CBFSTOOL_BIN $COREBOOT_IMAGE extract -n $filename -f $filename >/dev/null 2>&1
fi
sha=""
if [ -f "$SKL_ME_FILENAME" ]; then
sha=$(sha256sum "$SKL_ME_FILENAME" | awk '{print $1}')
sha=$(sha256sum "$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Downloaded $description has the wrong SHA256 hash"
fi
if [ "$sha" != "$SKL_ME_NOCONF_SHA" ]; then
die "Couldn't extract ME image with the correct SHA256 hash"
fi
check_and_get_url me11.0.18_config.bspatch $SKL_ME_PATCH_URL $SKL_ME_PATCH_SHA "ME Patch"
bspatch "$SKL_ME_FILENAME" "me.bin" me11.0.18_config.bspatch
rm -f me11.0.18_config.bspatch
rm -f "$SKL_ME_FILENAME"
rm -f "$rar_filename"
fi
}
apply_me_cleaner() {
if [ -f "me_cleaner.py" ]; then
sha=$(sha256sum "me_cleaner.py" | awk '{print $1}')
fi
if [ "$sha" != "$ME_CLEANER_SHA" ]; then
wget -O "me_cleaner.py" "$ME_CLEANER_URL"
sha=$(sha256sum "me_cleaner.py" | awk '{print $1}')
if [ "$sha" != "$ME_CLEANER_SHA" ]; then
die "Downloaded ME Cleaner has the wrong SHA256 hash"
fi
fi
cat descriptor.bin me.bin > desc_me.bin
python2 "me_cleaner.py" -s desc_me.bin
python2 "me_cleaner.py" -w "MFS" me.bin
dd if=desc_me.bin of=descriptor.bin bs=4096 count=1
rm -f desc_me.bin
rm -f me_cleaner.py
echo ""
check_and_get_tools() {
check_and_get_url $CBFSTOOL_FILE $CBFSTOOL_URL $CBFSTOOL_SHA "cbfstool"
chmod +x $CBFSTOOL_BIN
check_and_get_url $IFDTOOL_FILE $IFDTOOL_URL $IFDTOOL_SHA "ifdtool"
chmod +x $IFDTOOL_BIN
}
check_and_get_url descriptor.bin $SKL_DESCRIPTOR_URL $SKL_DESCRIPTOR_SHA "Intel Flash Descriptor"
check_binary descriptor.bin $SKL_DESCRIPTOR_SHA
get_and_patch_me_11
check_binary me.bin $SKL_ME_SHA
apply_me_cleaner
get_and_split_fsp
check_binary fspm.bin $SKL_FSPM_SHA
check_binary fsps.bin $SKL_FSPS_SHA
check_and_get_url vbt.bin $SKL_VBT_URL $SKL_VBT_SHA "Video BIOS Table"
check_and_get_url cpu_microcode_blob.bin $SKL_UCODE_URL $SKL_UCODE_SHA "Intel Microcode Update"
# get tools for extraction
#check_and_get_tools
# get/verify blobs
check_and_get_blob descriptor.bin $SKL_DESCRIPTOR_SHA "Intel Flash Descriptor"
check_and_get_blob me.bin $SKL_ME_SHA "Intel ME firmware"
check_and_get_blob fspm.bin $SKL_FSPM_SHA "FSP-M"
check_and_get_blob fsps.bin $SKL_FSPS_SHA "FSP-S"
check_and_get_blob vbt.bin $SKL_VBT_SHA "Video BIOS Table"
check_and_get_blob cpu_microcode_blob.bin $SKL_UCODE_SHA "Intel Microcode Update"
#clean up after ourselves
rm -f $CBFSTOOL_BIN >/dev/null 2>&1
rm -f $IFDTOOL_BIN >/dev/null 2>&1
rm -f $COREBOOT_IMAGE >/dev/null 2>&1
rm -f *.gz >/dev/null 2>&1
echo ""
echo "All blobs have been verified and are ready for use"