diff --git a/.circleci/config.yml b/.circleci/config.yml index 2b75dfe1..697ba368 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -99,7 +99,7 @@ jobs: name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) # me_cleaner.py present under heads xx30 blobs dir comes from https://github.com/corna/me_cleaner/blob/43612a630c79f3bc6f2653bfe90dfe0b7b137e08/me_cleaner.py command: | - ./blobs/xx30/download_clean_me.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py) + ./blobs/xx30/download_clean_me_manually.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py) - run: name: Download and extract t530 vbios roms for dgpu boards diff --git a/Makefile b/Makefile index a0264e2b..6c8bf962 100644 --- a/Makefile +++ b/Makefile @@ -82,7 +82,7 @@ $(error "Unexpected value of $$(CONFIG_TARGET_ARCH): $(CONFIG_TARGET_ARCH)") endif ifneq "$(BOARD_TARGETS)" "" -include targets/$(BOARD_TARGETS).mk +include $(foreach TARGET,$(BOARD_TARGETS),targets/$(TARGET).mk) endif # Create directories if they don't already exist diff --git a/blobs/xx20/download_parse_me.sh b/blobs/xx20/download_parse_me.sh index 09c67b9a..894a2e06 100755 --- a/blobs/xx20/download_parse_me.sh +++ b/blobs/xx20/download_parse_me.sh @@ -6,10 +6,20 @@ FINAL_ME_BIN_SHA256SUM="1eef6716aa61dd844d58eca15a85faa1bf5f82715defd30bd3373e79 ME_EXE_SHA256SUM="48f18d49f3c7c79fa549a980f14688bc27c18645f64d9b6827a15ef5c547d210 83rf46ww.exe" ME7_5M_UPD_PRODUCTION_SHA256SUM="760b0776b99ba94f56121d67c1f1226c77f48bd3b0799e1357a51842c79d3d36 app/ME7_5M_UPD_Production.bin" +if [ -e "$BLOBDIR/me.bin" ]; then + echo "$BLOBDIR/me.bin found..." + if ! echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check; then + echo "$BLOBDIR/me.bin doesn't pass integrity validation. Continuing..." + rm -f "$BLOBDIR/me.bin" + else + echo "$BLOBDIR/me.bin already extracted and neutered outside of BUP" + exit 0 + fi +fi echo "### Creating temp dir" extractdir=$(mktemp -d) -cd "$extractdir" +cd "$extractdir" || exit 1 echo "### Downloading https://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/83rf46ww.exe..." wget https://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/83rf46ww.exe || { echo "ERROR: wget not found" && exit 1; } @@ -23,13 +33,13 @@ echo "### Verifying expected hash of app/ME7_5M_UPD_Production.bin" echo "$ME7_5M_UPD_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; } -echo "###Generating neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... " -python3 "$BLOBDIR/me7_update_parser.py" -O "$BLOBDIR/me.bin" app/ME7_5M_UPD_Production.bin || { echo "Failed to generate ME binary..." && exit 1; } +echo "###Generating neuter+deactivate+maximize reduction of ME on app/ME7_5M_UPD_Production.bin, outputting minimized ME under $BLOBDIR/me.bin... " +( python3 "$BLOBDIR/me7_update_parser.py" -O "$BLOBDIR/me.bin" app/ME7_5M_UPD_Production.bin ) || { echo "Failed to generate ME binary..." && exit 1; } echo "### Verifying expected hash of me.bin" echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on final binary..." && exit 1; } echo "###Cleaning up..." -cd - +cd - || exit 1 rm -r "$extractdir" diff --git a/blobs/xx30/download_clean_me.sh b/blobs/xx30/download_clean_me.sh index 08c09477..a259a647 100755 --- a/blobs/xx30/download_clean_me.sh +++ b/blobs/xx30/download_clean_me.sh @@ -4,53 +4,56 @@ function printusage { echo "Usage: $0 -m (optional)" } -BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +ME_BIN_HASH="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4" -if [ "$#" -eq 0 ]; then printusage; fi - -while getopts ":m:" opt; do - case $opt in - m) - if [ -x "$OPTARG" ]; then - MECLEAN="$OPTARG" - fi - ;; - esac -done - -FINAL_ME_BIN_SHA256SUM="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 $BLOBDIR/me.bin" -ME_EXE_SHA256SUM="f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe" -ME8_5M_PRODUCTION_SHA256SUM="821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin" - - -if [ -z "$MECLEAN" ]; then - MECLEAN=`command -v $BLOBDIR/../../build/x86/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1` - if [ -z "$MECLEAN" ]; then - echo "me_cleaner.py required but not found or specified with -m. Aborting." - exit 1; +if [ -e "${output_dir}/me.bin" ]; then + echo "me.bin already exists" + if echo "${ME_BIN_HASH} ${output_dir}/me.bin" | sha256sum --check; then + echo "SKIPPING: SHA256 checksum for me.bin matches." + exit 0 fi + echo "me.bin exists but checksum doesn't match. Continuing..." fi -echo "### Creating temp dir" -extractdir=$(mktemp -d) -cd "$extractdir" +if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then + if [[ "${1:-}" == "--help" ]]; then + usage + else + if [[ -z "${COREBOOT_DIR}" ]]; then + echo "ERROR: No COREBOOT_DIR variable defined." + exit 1 + fi -echo "### Downloading https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe..." -wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe || { echo "ERROR: wget not found" && exit 1; } -echo "### Verifying expected hash of g1rg24ww.exe" -echo "$ME_EXE_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on downloaded binary..." && exit 1; } + output_dir="$(realpath "${1:-./}")" -echo "### Extracting g1rg24ww.exe..." -innoextract ./g1rg24ww.exe || { echo "Failed calling innoextract. Tool installed on host?" && exit 1;} -echo "### Verifying expected hash of app/ME8_5M_Production.bin" -echo "$ME8_5M_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; } + if [[ ! -f "${output_dir}/me.bin" ]]; then + # Unpack Lenovo's Windows installer into a temporary directory and + # extract the Intel ME blob. + pushd "$(mktemp -d)" || exit -echo "###Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... " -$MECLEAN -r -t -O "$BLOBDIR/me.bin" app/ME8_5M_Production.bin -echo "### Verifying expected hash of me.bin" -echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on final binary..." && exit 1; } + curl -O https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe + innoextract g1rg24ww.exe + mv app/ME8_5M_Production.bin "${COREBOOT_DIR}/util/me_cleaner" + rm -rf ./* + popd || exit -echo "###Cleaning up..." -cd - -rm -r "$extractdir" + # Neutralize and shrink Intel ME. Note that this doesn't include + # --soft-disable to set the "ME Disable" or "ME Disable B" (e.g., + # High Assurance Program) bits, as they are defined within the Flash + # Descriptor. + # https://github.com/corna/me_cleaner/wiki/External-flashing#neutralize-and-shrink-intel-me-useful-only-for-coreboot + pushd "${COREBOOT_DIR}/util/me_cleaner" || exit + + python me_cleaner.py -r -t -O me_shrinked.bin ME8_5M_Production.bin + rm -f ME8_5M_Production.bin + mv me_shrinked.bin "${output_dir}/me.bin" + popd || exit + fi + + if ! echo "${ME_BIN_HASH} ${output_dir}/me.bin" | sha256sum --check; then + echo "ERROR: SHA256 checksum for me.bin doesn't match." + exit 1 + fi + fi +fi diff --git a/blobs/xx30/download_clean_me_manually.sh b/blobs/xx30/download_clean_me_manually.sh new file mode 100755 index 00000000..c2cfc9d3 --- /dev/null +++ b/blobs/xx30/download_clean_me_manually.sh @@ -0,0 +1,69 @@ +#!/bin/bash + +function printusage { + echo "Usage: $0 -m (optional)" +} + +BLOBDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +FINAL_ME_BIN_SHA256SUM="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 $BLOBDIR/me.bin" +ME_EXE_SHA256SUM="f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe" +ME8_5M_PRODUCTION_SHA256SUM="821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin" + +if [ "$#" -eq 0 ]; then printusage; fi + +while getopts ":m:" opt; do + case $opt in + m) + if [ -x "$OPTARG" ]; then + MECLEAN="$OPTARG" + fi + ;; + *) + ;; + esac +done + +if [ -e "$BLOBDIR/me.bin" ]; then + echo "$BLOBDIR/me.bin found..." + if ! echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check; then + echo "$BLOBDIR/me.bin doesn't pass integrity validation. Continuing..." + rm -f "$BLOBDIR/me.bin" + else + echo "$BLOBDIR/me.bin already extracted and neutered outside of ROMP and BUP" + exit 0 + fi +fi + +if [ -z "$MECLEAN" ]; then + MECLEAN=$(command -v "$BLOBDIR/../../build/x86/coreboot-"*/util/me_cleaner/me_cleaner.py 2>&1 | head -n1) + if [ -z "$MECLEAN" ]; then + echo "me_cleaner.py required but not found or specified with -m. Aborting." + exit 1 + fi +fi + +echo "### Creating temp dir" +extractdir=$(mktemp -d) +cd "$extractdir" || exit + +echo "### Downloading https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe..." +wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe || { echo "ERROR: wget not found" && exit 1; } +echo "### Verifying expected hash of g1rg24ww.exe" +echo "$ME_EXE_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on downloaded binary..." && exit 1; } + +echo "### Extracting g1rg24ww.exe..." +innoextract ./g1rg24ww.exe || { echo "Failed calling innoextract. Tool installed on host?" && exit 1; } +echo "### Verifying expected hash of app/ME8_5M_Production.bin" +echo "$ME8_5M_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; } + +bioscopy="some_value" # Assign a value to the bioscopy variable + +echo "### Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... " +"$MECLEAN" -r -t -O "$BLOBDIR/me.bin" app/ME8_5M_Production.bin +echo "### Verifying expected hash of me.bin" +echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on final binary..." && exit 1; } + +echo "### Cleaning up..." +cd - >/dev/null + +rm -r "$extractdir" diff --git a/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config b/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config index fc182f7c..f9061c24 100644 --- a/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config +++ b/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config @@ -29,7 +29,6 @@ CONFIG_PCIUTILS=y CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y - #Remote attestation support #TPM based requirements export CONFIG_TPM=y @@ -64,6 +63,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T520-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS := xx20_me_blobs diff --git a/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config b/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config index 590c8b5b..f23da0aa 100644 --- a/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config +++ b/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config @@ -29,7 +29,6 @@ CONFIG_PCIUTILS=y CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y - #Remote attestation support #TPM based requirements export CONFIG_TPM=y @@ -64,6 +63,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T520-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS := xx20_me_blobs diff --git a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config index e0d0bcae..0eb5f2a2 100644 --- a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config +++ b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config @@ -67,13 +67,15 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-dgpu-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0def.rom $(pwd)/blobs/xx30/8086,0106.rom + +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs + +$(pwd)/blobs/xx30/10de,0def.rom: + $(pwd)/blobs/xx30/vbios_t530.sh # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config index 446157e8..9266ad80 100644 --- a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config +++ b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config @@ -67,13 +67,15 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-dgpu-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0def.rom $(pwd)/blobs/xx30/8086,0106.rom + +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs + +$(pwd)/blobs/xx30/10de,0def.rom: + $(pwd)/blobs/xx30/vbios_t530.sh # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config index 3228c3cd..c44d6fe3 100644 --- a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config +++ b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config @@ -67,13 +67,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config b/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config index 098e617b..42eab8f3 100644 --- a/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config +++ b/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config @@ -67,13 +67,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config index 4f801981..b8add650 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config @@ -75,5 +75,15 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffc.rom $(pwd)/blobs/xx30/8086,0106.rom + +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs + +$(pwd)/blobs/xx30/10de,0ffc.rom: + $(pwd)/blobs/xx30/vbios_w530.sh + # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config index fb0649bf..d913a4c1 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config @@ -75,5 +75,15 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffc.rom $(pwd)/blobs/xx30/8086,0106.rom + +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs + +$(pwd)/blobs/xx30/10de,0ffc.rom: + $(pwd)/blobs/xx30/vbios_w530.sh + # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config index 70ed7023..238fa8ef 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config @@ -75,5 +75,15 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffb.rom $(pwd)/blobs/xx30/8086,0106.rom + +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs + +$(pwd)/blobs/xx30/10de,0ffb.rom: + $(pwd)/blobs/xx30/vbios_w530.sh + # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config index baa822e4..4de99bc9 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config @@ -75,5 +75,15 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffb.rom $(pwd)/blobs/xx30/8086,0106.rom + +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs + +$(pwd)/blobs/xx30/10de,0ffb.rom: + $(pwd)/blobs/xx30/vbios_w530.sh + # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/t420-hotp-maximized/t420-hotp-maximized.config b/boards/t420-hotp-maximized/t420-hotp-maximized.config index 8a01df8a..12c8dac2 100644 --- a/boards/t420-hotp-maximized/t420-hotp-maximized.config +++ b/boards/t420-hotp-maximized/t420-hotp-maximized.config @@ -33,7 +33,6 @@ CONFIG_PCIUTILS=y CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y - #Remote attestation support #TPM based requirements export CONFIG_TPM=y @@ -68,6 +67,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t420-maximized/t420-maximized.config b/boards/t420-maximized/t420-maximized.config index f9d9f628..431079d4 100644 --- a/boards/t420-maximized/t420-maximized.config +++ b/boards/t420-maximized/t420-maximized.config @@ -66,6 +66,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index 45f982d8..574dcfa8 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config @@ -65,13 +65,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config index a8e32a67..8c2a5e13 100644 --- a/boards/t430-maximized/t430-maximized.config +++ b/boards/t430-maximized/t430-maximized.config @@ -66,13 +66,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/t440p-maximized/t440p-maximized.config b/boards/t440p-maximized/t440p-maximized.config index 34f7bfbf..4df8061d 100644 --- a/boards/t440p-maximized/t440p-maximized.config +++ b/boards/t440p-maximized/t440p-maximized.config @@ -53,4 +53,4 @@ $(pwd)/blobs/t440p/me.bin: $(pwd)/blobs/t440p/download-clean-me $(pwd)/blobs/t440p # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/w530-hotp-maximized/w530-hotp-maximized.config b/boards/w530-hotp-maximized/w530-hotp-maximized.config index 75516c56..85ce7c90 100644 --- a/boards/w530-hotp-maximized/w530-hotp-maximized.config +++ b/boards/w530-hotp-maximized/w530-hotp-maximized.config @@ -67,13 +67,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/w530-maximized/w530-maximized.config b/boards/w530-maximized/w530-maximized.config index 5587c1ff..f210e638 100644 --- a/boards/w530-maximized/w530-maximized.config +++ b/boards/w530-maximized/w530-maximized.config @@ -67,13 +67,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/w541-maximized/w541-maximized.config b/boards/w541-maximized/w541-maximized.config index 220229f5..60006edd 100644 --- a/boards/w541-maximized/w541-maximized.config +++ b/boards/w541-maximized/w541-maximized.config @@ -53,4 +53,4 @@ $(pwd)/blobs/w541/me.bin: $(pwd)/blobs/w541/download-clean-me $(pwd)/blobs/w541 # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/x220-hotp-maximized/x220-hotp-maximized.config b/boards/x220-hotp-maximized/x220-hotp-maximized.config index 28197056..95dae6fa 100644 --- a/boards/x220-hotp-maximized/x220-hotp-maximized.config +++ b/boards/x220-hotp-maximized/x220-hotp-maximized.config @@ -33,7 +33,6 @@ CONFIG_PCIUTILS=y CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y - #Remote attestation support #TPM based requirements export CONFIG_TPM=y @@ -68,6 +67,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS := xx20_me_blobs diff --git a/boards/x220-maximized/x220-maximized.config b/boards/x220-maximized/x220-maximized.config index 6e718a0d..abbfd0c8 100644 --- a/boards/x220-maximized/x220-maximized.config +++ b/boards/x220-maximized/x220-maximized.config @@ -33,7 +33,6 @@ CONFIG_PCIUTILS=y CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y - #Remote attestation support #TPM based requirements export CONFIG_TPM=y @@ -68,6 +67,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS += xx20_me_blobs diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index accbc52b..f6726e33 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config +++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config @@ -79,13 +79,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized-eDP" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index 08b16f66..3bb4d842 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config @@ -70,13 +70,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index dd860cdc..13c06b05 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config @@ -69,13 +69,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized_usb-kb" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config index 8e53f5d9..938e96c7 100644 --- a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config +++ b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config @@ -79,13 +79,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized-eDP" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index 28e23b9e..58a81476 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config @@ -70,13 +70,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/targets/xx20_me_blobs.mk b/targets/xx20_me_blobs.mk new file mode 100644 index 00000000..c398184a --- /dev/null +++ b/targets/xx20_me_blobs.mk @@ -0,0 +1,15 @@ +# Targets for downloading xx20 ME blob, neutering it down to BUP region and deactivating ME. + +# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin +# - blobs/xx20/download_parse_me.sh +# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. + +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx20/me.bin + + +$(pwd)/blobs/xx20/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx20/download_parse_me.sh + diff --git a/targets/xx30_me_blobs.mk b/targets/xx30_me_blobs.mk new file mode 100644 index 00000000..98aa8fa8 --- /dev/null +++ b/targets/xx30_me_blobs.mk @@ -0,0 +1,18 @@ +# Targets for downloading xx30 ME blob, neutering it down to BUP+ROMP region and deactivating ME. + +# xx30-*-maximized boards require of you initially call one of the +# following to have gbe.bin ifd.bin and me.bin +# - blobs/xx30/download_clean_me.sh +# To download Lenovo original ME binary, neuter+deactivate ME, produce +# reduced IFD ME region and expanded BIOS IFD region. +# - blobs/xx30/extract.sh +# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. + +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30