From 43d1b4ed81910b0b93557595e340a25dfe37492c Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 10 Nov 2023 14:48:06 -0500 Subject: [PATCH 01/10] xx30: have all xx30 download me automatically. Signed-off-by: Thierry Laurion --- .circleci/config.yml | 6 -- blobs/xx30/download_clean_me.sh | 84 +++++++++---------- blobs/xx30/download_clean_me_manually.sh | 56 +++++++++++++ .../UNTESTED_t530-dgpu-hotp-maximized.config | 9 ++ .../UNTESTED_t530-dgpu-maximized.config | 9 ++ .../UNTESTED_t530-hotp-maximized.config | 9 ++ .../UNTESTED_t530-maximized.config | 9 ++ ...TED_w530-dgpu-K1000m-hotp-maximized.config | 9 ++ ...UNTESTED_w530-dgpu-K1000m-maximized.config | 9 ++ ...TED_w530-dgpu-K2000m-hotp-maximized.config | 9 ++ ...UNTESTED_w530-dgpu-K2000m-maximized.config | 9 ++ .../t430-hotp-maximized.config | 9 ++ boards/t430-maximized/t430-maximized.config | 9 ++ .../w530-hotp-maximized.config | 9 ++ boards/w530-maximized/w530-maximized.config | 9 ++ .../x230-hotp-maximized-fhd_edp.config | 9 ++ .../x230-hotp-maximized.config | 9 ++ .../x230-hotp-maximized_usb-kb.config | 9 ++ .../x230-maximized-fhd_edp.config | 9 ++ boards/x230-maximized/x230-maximized.config | 9 ++ 20 files changed, 249 insertions(+), 50 deletions(-) create mode 100755 blobs/xx30/download_clean_me_manually.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 2b75dfe1..9c07b022 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -95,12 +95,6 @@ jobs: command: | ./blobs/xx20/download_parse_me.sh - - run: - name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) - # me_cleaner.py present under heads xx30 blobs dir comes from https://github.com/corna/me_cleaner/blob/43612a630c79f3bc6f2653bfe90dfe0b7b137e08/me_cleaner.py - command: | - ./blobs/xx30/download_clean_me.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py) - - run: name: Download and extract t530 vbios roms for dgpu boards command: | diff --git a/blobs/xx30/download_clean_me.sh b/blobs/xx30/download_clean_me.sh index 08c09477..f572bce7 100755 --- a/blobs/xx30/download_clean_me.sh +++ b/blobs/xx30/download_clean_me.sh @@ -4,53 +4,49 @@ function printusage { echo "Usage: $0 -m (optional)" } -BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +ME_BIN_HASH="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4" -if [ "$#" -eq 0 ]; then printusage; fi - -while getopts ":m:" opt; do - case $opt in - m) - if [ -x "$OPTARG" ]; then - MECLEAN="$OPTARG" +if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then + if [[ "${1:-}" == "--help" ]]; then + usage + else + if [[ -z "${COREBOOT_DIR}" ]]; then + echo "ERROR: No COREBOOT_DIR variable defined." + exit 1 fi - ;; - esac -done -FINAL_ME_BIN_SHA256SUM="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 $BLOBDIR/me.bin" -ME_EXE_SHA256SUM="f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe" -ME8_5M_PRODUCTION_SHA256SUM="821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin" + output_dir="$(realpath "${1:-./}")" + if [[ ! -f "${output_dir}/me.bin" ]]; then + # Unpack Lenovo's Windows installer into a temporary directory and + # extract the Intel ME blob. + pushd "$(mktemp -d)" -if [ -z "$MECLEAN" ]; then - MECLEAN=`command -v $BLOBDIR/../../build/x86/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1` - if [ -z "$MECLEAN" ]; then - echo "me_cleaner.py required but not found or specified with -m. Aborting." - exit 1; - fi + curl -O https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe + innoextract g1rg24ww.exe + + mv app/ME8_5M_Production.bin "${COREBOOT_DIR}/util/me_cleaner" + + popd + + # Neutralize and shrink Intel ME. Note that this doesn't include + # --soft-disable to set the "ME Disable" or "ME Disable B" (e.g., + # High Assurance Program) bits, as they are defined within the Flash + # Descriptor. + # https://github.com/corna/me_cleaner/wiki/External-flashing#neutralize-and-shrink-intel-me-useful-only-for-coreboot + pushd "${COREBOOT_DIR}/util/me_cleaner" + + python me_cleaner.py -r -t -O me_shrinked.bin ME8_5M_Production.bin + + mv me_shrinked.bin "${output_dir}/me.bin" + #rm ./*.bin + + popd + fi + + if ! echo "${ME_BIN_HASH} ${output_dir}/me.bin" | sha256sum --check; then + echo "ERROR: SHA256 checksum for me.bin doesn't match." + exit 1 + fi + fi fi - -echo "### Creating temp dir" -extractdir=$(mktemp -d) -cd "$extractdir" - -echo "### Downloading https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe..." -wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe || { echo "ERROR: wget not found" && exit 1; } -echo "### Verifying expected hash of g1rg24ww.exe" -echo "$ME_EXE_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on downloaded binary..." && exit 1; } - -echo "### Extracting g1rg24ww.exe..." -innoextract ./g1rg24ww.exe || { echo "Failed calling innoextract. Tool installed on host?" && exit 1;} -echo "### Verifying expected hash of app/ME8_5M_Production.bin" -echo "$ME8_5M_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; } - -echo "###Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... " -$MECLEAN -r -t -O "$BLOBDIR/me.bin" app/ME8_5M_Production.bin -echo "### Verifying expected hash of me.bin" -echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on final binary..." && exit 1; } - - -echo "###Cleaning up..." -cd - -rm -r "$extractdir" diff --git a/blobs/xx30/download_clean_me_manually.sh b/blobs/xx30/download_clean_me_manually.sh new file mode 100755 index 00000000..08c09477 --- /dev/null +++ b/blobs/xx30/download_clean_me_manually.sh @@ -0,0 +1,56 @@ +#!/bin/bash + +function printusage { + echo "Usage: $0 -m (optional)" +} + +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +if [ "$#" -eq 0 ]; then printusage; fi + +while getopts ":m:" opt; do + case $opt in + m) + if [ -x "$OPTARG" ]; then + MECLEAN="$OPTARG" + fi + ;; + esac +done + +FINAL_ME_BIN_SHA256SUM="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 $BLOBDIR/me.bin" +ME_EXE_SHA256SUM="f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe" +ME8_5M_PRODUCTION_SHA256SUM="821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin" + + +if [ -z "$MECLEAN" ]; then + MECLEAN=`command -v $BLOBDIR/../../build/x86/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1` + if [ -z "$MECLEAN" ]; then + echo "me_cleaner.py required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +echo "### Creating temp dir" +extractdir=$(mktemp -d) +cd "$extractdir" + +echo "### Downloading https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe..." +wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe || { echo "ERROR: wget not found" && exit 1; } +echo "### Verifying expected hash of g1rg24ww.exe" +echo "$ME_EXE_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on downloaded binary..." && exit 1; } + +echo "### Extracting g1rg24ww.exe..." +innoextract ./g1rg24ww.exe || { echo "Failed calling innoextract. Tool installed on host?" && exit 1;} +echo "### Verifying expected hash of app/ME8_5M_Production.bin" +echo "$ME8_5M_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; } + +echo "###Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... " +$MECLEAN -r -t -O "$BLOBDIR/me.bin" app/ME8_5M_Production.bin +echo "### Verifying expected hash of me.bin" +echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on final binary..." && exit 1; } + + +echo "###Cleaning up..." +cd - +rm -r "$extractdir" diff --git a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config index e0d0bcae..8778bb4a 100644 --- a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config +++ b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config @@ -75,5 +75,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config index 446157e8..88415f90 100644 --- a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config +++ b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config @@ -75,5 +75,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config index 3228c3cd..155cfea4 100644 --- a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config +++ b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config @@ -75,5 +75,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config b/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config index 098e617b..430f52af 100644 --- a/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config +++ b/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config @@ -75,5 +75,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config index 4f801981..52a82dc2 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config @@ -75,5 +75,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config index fb0649bf..4c8a5b60 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config @@ -75,5 +75,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config index 70ed7023..11985304 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config @@ -75,5 +75,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config index baa822e4..59c2cf1a 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config @@ -75,5 +75,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index 45f982d8..369e20bd 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config @@ -73,5 +73,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config index a8e32a67..58ce48a3 100644 --- a/boards/t430-maximized/t430-maximized.config +++ b/boards/t430-maximized/t430-maximized.config @@ -74,5 +74,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/w530-hotp-maximized/w530-hotp-maximized.config b/boards/w530-hotp-maximized/w530-hotp-maximized.config index 75516c56..d18d5109 100644 --- a/boards/w530-hotp-maximized/w530-hotp-maximized.config +++ b/boards/w530-hotp-maximized/w530-hotp-maximized.config @@ -75,5 +75,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/w530-maximized/w530-maximized.config b/boards/w530-maximized/w530-maximized.config index 5587c1ff..13347e55 100644 --- a/boards/w530-maximized/w530-maximized.config +++ b/boards/w530-maximized/w530-maximized.config @@ -75,5 +75,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index accbc52b..96a3d924 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config +++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config @@ -87,5 +87,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index 08b16f66..1b56eb82 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config @@ -78,5 +78,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index dd860cdc..37a714c4 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config @@ -77,5 +77,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config index 8e53f5d9..40541a0c 100644 --- a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config +++ b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config @@ -87,5 +87,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index 28e23b9e..e0a1162a 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config @@ -78,5 +78,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb From 1fea3e446316e5e6857eddb161e221f7f13551d1 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 10 Nov 2023 14:51:59 -0500 Subject: [PATCH 02/10] t530-dgpu boards : have the boards call vbios download script automatically. Breaks on debian-12 as of now but should work on debian-11 for others, gems say deprecated calls.... Signed-off-by: Thierry Laurion --- .../UNTESTED_t530-dgpu-hotp-maximized.config | 6 ++++-- .../UNTESTED_t530-dgpu-maximized.config | 5 ++++- .../UNTESTED_w530-dgpu-K1000m-hotp-maximized.config | 5 ++++- .../UNTESTED_w530-dgpu-K1000m-maximized.config | 5 ++++- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config index 8778bb4a..001562b6 100644 --- a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config +++ b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config @@ -77,12 +77,14 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0def.rom $(pwd)/blobs/xx30/8086,0106.rom $(pwd)/blobs/xx30/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +$(pwd)/blobs/xx30/10de,0def.rom: + $(pwd)/blobs/xx30/vbios_t530.sh + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config index 88415f90..e6f4e229 100644 --- a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config +++ b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config @@ -77,12 +77,15 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0def.rom $(pwd)/blobs/xx30/8086,0106.rom $(pwd)/blobs/xx30/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +$(pwd)/blobs/xx30/10de,0def.rom: + $(pwd)/blobs/xx30/vbios_t530.sh + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config index 52a82dc2..675ce302 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config @@ -77,12 +77,15 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffc.rom $(pwd)/blobs/xx30/8086,0106.rom $(pwd)/blobs/xx30/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +$(pwd)/blobs/xx30/10de,0ffc.rom: + $(pwd)/blobs/xx30/vbios_w530.sh + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config index 4c8a5b60..e75323f3 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config @@ -77,12 +77,15 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffc.rom $(pwd)/blobs/xx30/8086,0106.rom $(pwd)/blobs/xx30/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +$(pwd)/blobs/xx30/10de,0ffc.rom: + $(pwd)/blobs/xx30/vbios_w530.sh + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb From 0d6cba852b0b048189d09cd799cb9f1d39ac14e4 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 10 Nov 2023 15:00:55 -0500 Subject: [PATCH 03/10] w530-dgpu K2000 boards : have the boards call vbios download script automatically. Breaks on debian-12 as of now but should work on debian-11 for others, gems say deprecated calls.... Signed-off-by: Thierry Laurion --- .../UNTESTED_w530-dgpu-K2000m-hotp-maximized.config | 5 ++++- .../UNTESTED_w530-dgpu-K2000m-maximized.config | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config index 11985304..14cf8ddd 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config @@ -77,12 +77,15 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffb.rom $(pwd)/blobs/xx30/8086,0106.rom $(pwd)/blobs/xx30/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +$(pwd)/blobs/xx30/10de,0ffb.rom: + $(pwd)/blobs/xx30/vbios_w530.sh + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config index 59c2cf1a..d99671ab 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config @@ -77,12 +77,15 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin + $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffb.rom $(pwd)/blobs/xx30/8086,0106.rom $(pwd)/blobs/xx30/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +$(pwd)/blobs/xx30/10de,0ffb.rom: + $(pwd)/blobs/xx30/vbios_w530.sh + # Generate split 4MB top / 8MB bottom ROMs BOARD_TARGETS := split_8mb4mb From 24571d91bcb4aa93c4ef8e08d095c6d45e7995ce Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 10 Nov 2023 15:03:46 -0500 Subject: [PATCH 04/10] CircleCI: readd xx30 call to have ME downloaded for all boards. Next commit will remove all those to test boards downloading of all blobs, but this is not desirable for CI where we want blobs to be downloaded once in prep step not from each board. Signed-off-by: Thierry Laurion --- .circleci/config.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9c07b022..21947fa2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -95,6 +95,12 @@ jobs: command: | ./blobs/xx20/download_parse_me.sh + - run: + name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) + # me_cleaner.py present under heads xx30 blobs dir comes from https://github.com/corna/me_cleaner/blob/43612a630c79f3bc6f2653bfe90dfe0b7b137e08/me_cleaner.py + command: | + ./blobs/xx30/download_clean_me_manual.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py) + - run: name: Download and extract t530 vbios roms for dgpu boards command: | From 753aa3950380559bd9e293c985e4b798f6871201 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 10 Nov 2023 15:04:48 -0500 Subject: [PATCH 05/10] CircleCI: test commit to have all boards download their own blobs Signed-off-by: Thierry Laurion --- .circleci/config.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 21947fa2..c16a7ff3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -95,22 +95,6 @@ jobs: command: | ./blobs/xx20/download_parse_me.sh - - run: - name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) - # me_cleaner.py present under heads xx30 blobs dir comes from https://github.com/corna/me_cleaner/blob/43612a630c79f3bc6f2653bfe90dfe0b7b137e08/me_cleaner.py - command: | - ./blobs/xx30/download_clean_me_manual.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py) - - - run: - name: Download and extract t530 vbios roms for dgpu boards - command: | - ./blobs/xx30/vbios_t530.sh - - - run: - name: Download and extract w530 vbios roms for dgpu boards - command: | - ./blobs/xx30/vbios_w530.sh - - persist_to_workspace: root: ~/ paths: From 197914b396694356108d5db10c52f47d843588cc Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 2 Jan 2024 13:23:33 -0500 Subject: [PATCH 06/10] xx20 boards and circleci: Have boards download extract and neuter me by board config Fix https://github.com/linuxboot/heads/issues/1569 part of error linked to me not being available in blobs/xx20/me.bin Signed-off-by: Thierry Laurion --- .circleci/config.yml | 4 ---- .../UNTESTED_t520-hotp-maximized.config | 10 +++++++++- .../UNTESTED_t520-maximized.config | 10 +++++++++- boards/t420-hotp-maximized/t420-hotp-maximized.config | 10 +++++++++- boards/t420-maximized/t420-maximized.config | 9 +++++++++ boards/x220-hotp-maximized/x220-hotp-maximized.config | 10 +++++++++- boards/x220-maximized/x220-maximized.config | 10 +++++++++- 7 files changed, 54 insertions(+), 9 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c16a7ff3..b6a64d0c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -90,10 +90,6 @@ jobs: #If precedent cache not found. Restore cache for musl-cross-make module digest (rarely modified). #Otherwise, we build cleanly. - heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} - - run: - name: Download and neuter xx20 ME (keep generated GBE and extracted IFD in tree) - command: | - ./blobs/xx20/download_parse_me.sh - persist_to_workspace: root: ~/ diff --git a/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config b/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config index fc182f7c..5c6a6dc3 100644 --- a/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config +++ b/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config @@ -29,7 +29,6 @@ CONFIG_PCIUTILS=y CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y - #Remote attestation support #TPM based requirements export CONFIG_TPM=y @@ -67,3 +66,12 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode= # xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin # - blobs/xx20/download_parse_me.sh # To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. + +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx20/me.bin + + +$(pwd)/blobs/xx20/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx20/download_parse_me.sh diff --git a/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config b/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config index 590c8b5b..71e54fc8 100644 --- a/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config +++ b/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config @@ -29,7 +29,6 @@ CONFIG_PCIUTILS=y CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y - #Remote attestation support #TPM based requirements export CONFIG_TPM=y @@ -67,3 +66,12 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode= # xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin # - blobs/xx20/download_parse_me.sh # To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. + +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx20/me.bin + + +$(pwd)/blobs/xx20/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx20/download_parse_me.sh diff --git a/boards/t420-hotp-maximized/t420-hotp-maximized.config b/boards/t420-hotp-maximized/t420-hotp-maximized.config index 8a01df8a..192707a3 100644 --- a/boards/t420-hotp-maximized/t420-hotp-maximized.config +++ b/boards/t420-hotp-maximized/t420-hotp-maximized.config @@ -33,7 +33,6 @@ CONFIG_PCIUTILS=y CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y - #Remote attestation support #TPM based requirements export CONFIG_TPM=y @@ -71,3 +70,12 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode= # xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin # - blobs/xx20/download_parse_me.sh # To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. + +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx20/me.bin + + +$(pwd)/blobs/xx20/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx20/download_parse_me.sh diff --git a/boards/t420-maximized/t420-maximized.config b/boards/t420-maximized/t420-maximized.config index f9d9f628..716804be 100644 --- a/boards/t420-maximized/t420-maximized.config +++ b/boards/t420-maximized/t420-maximized.config @@ -69,3 +69,12 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode= # xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin # - blobs/xx20/download_parse_me.sh # To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. + +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx20/me.bin + + +$(pwd)/blobs/xx20/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx20/download_parse_me.sh diff --git a/boards/x220-hotp-maximized/x220-hotp-maximized.config b/boards/x220-hotp-maximized/x220-hotp-maximized.config index 28197056..b0edf3e0 100644 --- a/boards/x220-hotp-maximized/x220-hotp-maximized.config +++ b/boards/x220-hotp-maximized/x220-hotp-maximized.config @@ -33,7 +33,6 @@ CONFIG_PCIUTILS=y CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y - #Remote attestation support #TPM based requirements export CONFIG_TPM=y @@ -71,3 +70,12 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode= # xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin # - blobs/xx20/download_parse_me.sh # To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. + +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx20/me.bin + + +$(pwd)/blobs/xx20/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx20/download_parse_me.sh diff --git a/boards/x220-maximized/x220-maximized.config b/boards/x220-maximized/x220-maximized.config index 6e718a0d..27252da3 100644 --- a/boards/x220-maximized/x220-maximized.config +++ b/boards/x220-maximized/x220-maximized.config @@ -33,7 +33,6 @@ CONFIG_PCIUTILS=y CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y - #Remote attestation support #TPM based requirements export CONFIG_TPM=y @@ -71,3 +70,12 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode= # xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin # - blobs/xx20/download_parse_me.sh # To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. + +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx20/me.bin + + +$(pwd)/blobs/xx20/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx20/download_parse_me.sh From de951f7156b6cdf17cdbfe49a5c04ea52ccb75b7 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 2 Jan 2024 18:46:34 -0500 Subject: [PATCH 07/10] CircleCI : readd blobs cache in prep step to download once and pass through workspace cache Signed-off-by: Thierry Laurion --- .circleci/config.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index b6a64d0c..697ba368 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -90,6 +90,26 @@ jobs: #If precedent cache not found. Restore cache for musl-cross-make module digest (rarely modified). #Otherwise, we build cleanly. - heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} + - run: + name: Download and neuter xx20 ME (keep generated GBE and extracted IFD in tree) + command: | + ./blobs/xx20/download_parse_me.sh + + - run: + name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) + # me_cleaner.py present under heads xx30 blobs dir comes from https://github.com/corna/me_cleaner/blob/43612a630c79f3bc6f2653bfe90dfe0b7b137e08/me_cleaner.py + command: | + ./blobs/xx30/download_clean_me_manually.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py) + + - run: + name: Download and extract t530 vbios roms for dgpu boards + command: | + ./blobs/xx30/vbios_t530.sh + + - run: + name: Download and extract w530 vbios roms for dgpu boards + command: | + ./blobs/xx30/vbios_w530.sh - persist_to_workspace: root: ~/ From f2079dbe4435f9130242996057fa51b1a534e70b Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 4 Jan 2024 13:10:57 -0500 Subject: [PATCH 08/10] blobs/xx30 scripts: cleanup and don't continue if hash is good Signed-off-by: Thierry Laurion --- blobs/xx30/download_clean_me.sh | 93 +++++++++++++----------- blobs/xx30/download_clean_me_manually.sh | 51 ++++++++----- 2 files changed, 82 insertions(+), 62 deletions(-) diff --git a/blobs/xx30/download_clean_me.sh b/blobs/xx30/download_clean_me.sh index f572bce7..a259a647 100755 --- a/blobs/xx30/download_clean_me.sh +++ b/blobs/xx30/download_clean_me.sh @@ -6,47 +6,54 @@ function printusage { ME_BIN_HASH="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4" -if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then - if [[ "${1:-}" == "--help" ]]; then - usage - else - if [[ -z "${COREBOOT_DIR}" ]]; then - echo "ERROR: No COREBOOT_DIR variable defined." - exit 1 - fi - - output_dir="$(realpath "${1:-./}")" - - if [[ ! -f "${output_dir}/me.bin" ]]; then - # Unpack Lenovo's Windows installer into a temporary directory and - # extract the Intel ME blob. - pushd "$(mktemp -d)" - - curl -O https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe - innoextract g1rg24ww.exe - - mv app/ME8_5M_Production.bin "${COREBOOT_DIR}/util/me_cleaner" - - popd - - # Neutralize and shrink Intel ME. Note that this doesn't include - # --soft-disable to set the "ME Disable" or "ME Disable B" (e.g., - # High Assurance Program) bits, as they are defined within the Flash - # Descriptor. - # https://github.com/corna/me_cleaner/wiki/External-flashing#neutralize-and-shrink-intel-me-useful-only-for-coreboot - pushd "${COREBOOT_DIR}/util/me_cleaner" - - python me_cleaner.py -r -t -O me_shrinked.bin ME8_5M_Production.bin - - mv me_shrinked.bin "${output_dir}/me.bin" - #rm ./*.bin - - popd - fi - - if ! echo "${ME_BIN_HASH} ${output_dir}/me.bin" | sha256sum --check; then - echo "ERROR: SHA256 checksum for me.bin doesn't match." - exit 1 - fi - fi +if [ -e "${output_dir}/me.bin" ]; then + echo "me.bin already exists" + if echo "${ME_BIN_HASH} ${output_dir}/me.bin" | sha256sum --check; then + echo "SKIPPING: SHA256 checksum for me.bin matches." + exit 0 + fi + echo "me.bin exists but checksum doesn't match. Continuing..." +fi + +if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then + if [[ "${1:-}" == "--help" ]]; then + usage + else + if [[ -z "${COREBOOT_DIR}" ]]; then + echo "ERROR: No COREBOOT_DIR variable defined." + exit 1 + fi + + output_dir="$(realpath "${1:-./}")" + + if [[ ! -f "${output_dir}/me.bin" ]]; then + # Unpack Lenovo's Windows installer into a temporary directory and + # extract the Intel ME blob. + pushd "$(mktemp -d)" || exit + + curl -O https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe + innoextract g1rg24ww.exe + + mv app/ME8_5M_Production.bin "${COREBOOT_DIR}/util/me_cleaner" + rm -rf ./* + popd || exit + + # Neutralize and shrink Intel ME. Note that this doesn't include + # --soft-disable to set the "ME Disable" or "ME Disable B" (e.g., + # High Assurance Program) bits, as they are defined within the Flash + # Descriptor. + # https://github.com/corna/me_cleaner/wiki/External-flashing#neutralize-and-shrink-intel-me-useful-only-for-coreboot + pushd "${COREBOOT_DIR}/util/me_cleaner" || exit + + python me_cleaner.py -r -t -O me_shrinked.bin ME8_5M_Production.bin + rm -f ME8_5M_Production.bin + mv me_shrinked.bin "${output_dir}/me.bin" + popd || exit + fi + + if ! echo "${ME_BIN_HASH} ${output_dir}/me.bin" | sha256sum --check; then + echo "ERROR: SHA256 checksum for me.bin doesn't match." + exit 1 + fi + fi fi diff --git a/blobs/xx30/download_clean_me_manually.sh b/blobs/xx30/download_clean_me_manually.sh index 08c09477..c2cfc9d3 100755 --- a/blobs/xx30/download_clean_me_manually.sh +++ b/blobs/xx30/download_clean_me_manually.sh @@ -4,53 +4,66 @@ function printusage { echo "Usage: $0 -m (optional)" } -BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +BLOBDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +FINAL_ME_BIN_SHA256SUM="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 $BLOBDIR/me.bin" +ME_EXE_SHA256SUM="f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe" +ME8_5M_PRODUCTION_SHA256SUM="821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin" if [ "$#" -eq 0 ]; then printusage; fi while getopts ":m:" opt; do case $opt in - m) - if [ -x "$OPTARG" ]; then - MECLEAN="$OPTARG" - fi - ;; + m) + if [ -x "$OPTARG" ]; then + MECLEAN="$OPTARG" + fi + ;; + *) + ;; esac done -FINAL_ME_BIN_SHA256SUM="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 $BLOBDIR/me.bin" -ME_EXE_SHA256SUM="f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe" -ME8_5M_PRODUCTION_SHA256SUM="821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin" - +if [ -e "$BLOBDIR/me.bin" ]; then + echo "$BLOBDIR/me.bin found..." + if ! echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check; then + echo "$BLOBDIR/me.bin doesn't pass integrity validation. Continuing..." + rm -f "$BLOBDIR/me.bin" + else + echo "$BLOBDIR/me.bin already extracted and neutered outside of ROMP and BUP" + exit 0 + fi +fi if [ -z "$MECLEAN" ]; then - MECLEAN=`command -v $BLOBDIR/../../build/x86/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1` + MECLEAN=$(command -v "$BLOBDIR/../../build/x86/coreboot-"*/util/me_cleaner/me_cleaner.py 2>&1 | head -n1) if [ -z "$MECLEAN" ]; then echo "me_cleaner.py required but not found or specified with -m. Aborting." - exit 1; + exit 1 fi fi echo "### Creating temp dir" extractdir=$(mktemp -d) -cd "$extractdir" +cd "$extractdir" || exit echo "### Downloading https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe..." -wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe || { echo "ERROR: wget not found" && exit 1; } +wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe || { echo "ERROR: wget not found" && exit 1; } echo "### Verifying expected hash of g1rg24ww.exe" echo "$ME_EXE_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on downloaded binary..." && exit 1; } echo "### Extracting g1rg24ww.exe..." -innoextract ./g1rg24ww.exe || { echo "Failed calling innoextract. Tool installed on host?" && exit 1;} +innoextract ./g1rg24ww.exe || { echo "Failed calling innoextract. Tool installed on host?" && exit 1; } echo "### Verifying expected hash of app/ME8_5M_Production.bin" echo "$ME8_5M_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; } -echo "###Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... " -$MECLEAN -r -t -O "$BLOBDIR/me.bin" app/ME8_5M_Production.bin +bioscopy="some_value" # Assign a value to the bioscopy variable + +echo "### Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... " +"$MECLEAN" -r -t -O "$BLOBDIR/me.bin" app/ME8_5M_Production.bin echo "### Verifying expected hash of me.bin" echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on final binary..." && exit 1; } +echo "### Cleaning up..." +cd - >/dev/null -echo "###Cleaning up..." -cd - rm -r "$extractdir" From d7c2bda11200e9f9caed10d5f030ccfcd083b30b Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 4 Jan 2024 13:22:41 -0500 Subject: [PATCH 09/10] blobs/xx20/download_parse_me.sh: cleanup and don't continue if hash is good Signed-off-by: Thierry Laurion --- blobs/xx20/download_parse_me.sh | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/blobs/xx20/download_parse_me.sh b/blobs/xx20/download_parse_me.sh index 09c67b9a..894a2e06 100755 --- a/blobs/xx20/download_parse_me.sh +++ b/blobs/xx20/download_parse_me.sh @@ -6,10 +6,20 @@ FINAL_ME_BIN_SHA256SUM="1eef6716aa61dd844d58eca15a85faa1bf5f82715defd30bd3373e79 ME_EXE_SHA256SUM="48f18d49f3c7c79fa549a980f14688bc27c18645f64d9b6827a15ef5c547d210 83rf46ww.exe" ME7_5M_UPD_PRODUCTION_SHA256SUM="760b0776b99ba94f56121d67c1f1226c77f48bd3b0799e1357a51842c79d3d36 app/ME7_5M_UPD_Production.bin" +if [ -e "$BLOBDIR/me.bin" ]; then + echo "$BLOBDIR/me.bin found..." + if ! echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check; then + echo "$BLOBDIR/me.bin doesn't pass integrity validation. Continuing..." + rm -f "$BLOBDIR/me.bin" + else + echo "$BLOBDIR/me.bin already extracted and neutered outside of BUP" + exit 0 + fi +fi echo "### Creating temp dir" extractdir=$(mktemp -d) -cd "$extractdir" +cd "$extractdir" || exit 1 echo "### Downloading https://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/83rf46ww.exe..." wget https://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/83rf46ww.exe || { echo "ERROR: wget not found" && exit 1; } @@ -23,13 +33,13 @@ echo "### Verifying expected hash of app/ME7_5M_UPD_Production.bin" echo "$ME7_5M_UPD_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; } -echo "###Generating neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... " -python3 "$BLOBDIR/me7_update_parser.py" -O "$BLOBDIR/me.bin" app/ME7_5M_UPD_Production.bin || { echo "Failed to generate ME binary..." && exit 1; } +echo "###Generating neuter+deactivate+maximize reduction of ME on app/ME7_5M_UPD_Production.bin, outputting minimized ME under $BLOBDIR/me.bin... " +( python3 "$BLOBDIR/me7_update_parser.py" -O "$BLOBDIR/me.bin" app/ME7_5M_UPD_Production.bin ) || { echo "Failed to generate ME binary..." && exit 1; } echo "### Verifying expected hash of me.bin" echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on final binary..." && exit 1; } echo "###Cleaning up..." -cd - +cd - || exit 1 rm -r "$extractdir" From 77f9933538fe00d9cbf1ed0887c4758f9b10bb77 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 4 Jan 2024 13:48:52 -0500 Subject: [PATCH 10/10] xx20/xx30 blob based boards: move ME blobs target outside of board configs (targets/xx*_blobs.mk) Makefile: have inclusion of all defined $BOARD BOARD_TARGETS (me, split_8mb4mb, ...) TODO: VBIOS scripts for W530/T530 need way more work. To be done later. Signed-off-by: Thierry Laurion --- Makefile | 2 +- .../UNTESTED_t520-hotp-maximized.config | 14 ++----------- .../UNTESTED_t520-maximized.config | 14 ++----------- .../UNTESTED_t530-dgpu-hotp-maximized.config | 15 +++----------- .../UNTESTED_t530-dgpu-maximized.config | 16 +++------------ .../UNTESTED_t530-hotp-maximized.config | 20 +++---------------- .../UNTESTED_t530-maximized.config | 20 +++---------------- ...TED_w530-dgpu-K1000m-hotp-maximized.config | 8 +++----- ...UNTESTED_w530-dgpu-K1000m-maximized.config | 8 +++----- ...TED_w530-dgpu-K2000m-hotp-maximized.config | 8 +++----- ...UNTESTED_w530-dgpu-K2000m-maximized.config | 8 +++----- .../t420-hotp-maximized.config | 14 ++----------- boards/t420-maximized/t420-maximized.config | 14 ++----------- .../t430-hotp-maximized.config | 20 +++---------------- boards/t430-maximized/t430-maximized.config | 20 +++---------------- boards/t440p-maximized/t440p-maximized.config | 2 +- .../w530-hotp-maximized.config | 20 +++---------------- boards/w530-maximized/w530-maximized.config | 20 +++---------------- boards/w541-maximized/w541-maximized.config | 2 +- .../x220-hotp-maximized.config | 14 ++----------- boards/x220-maximized/x220-maximized.config | 14 ++----------- .../x230-hotp-maximized-fhd_edp.config | 20 +++---------------- .../x230-hotp-maximized.config | 20 +++---------------- .../x230-hotp-maximized_usb-kb.config | 20 +++---------------- .../x230-maximized-fhd_edp.config | 20 +++---------------- boards/x230-maximized/x230-maximized.config | 20 +++---------------- targets/xx20_me_blobs.mk | 15 ++++++++++++++ targets/xx30_me_blobs.mk | 18 +++++++++++++++++ 28 files changed, 99 insertions(+), 307 deletions(-) create mode 100644 targets/xx20_me_blobs.mk create mode 100644 targets/xx30_me_blobs.mk diff --git a/Makefile b/Makefile index a0264e2b..6c8bf962 100644 --- a/Makefile +++ b/Makefile @@ -82,7 +82,7 @@ $(error "Unexpected value of $$(CONFIG_TARGET_ARCH): $(CONFIG_TARGET_ARCH)") endif ifneq "$(BOARD_TARGETS)" "" -include targets/$(BOARD_TARGETS).mk +include $(foreach TARGET,$(BOARD_TARGETS),targets/$(TARGET).mk) endif # Create directories if they don't already exist diff --git a/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config b/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config index 5c6a6dc3..f9061c24 100644 --- a/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config +++ b/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config @@ -63,15 +63,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T520-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx20/me.bin - - -$(pwd)/blobs/xx20/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx20/download_parse_me.sh +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS := xx20_me_blobs diff --git a/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config b/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config index 71e54fc8..f23da0aa 100644 --- a/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config +++ b/boards/UNTESTED_t520-maximized/UNTESTED_t520-maximized.config @@ -63,15 +63,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T520-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx20/me.bin - - -$(pwd)/blobs/xx20/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx20/download_parse_me.sh +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS := xx20_me_blobs diff --git a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config index 001562b6..0eb5f2a2 100644 --- a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config +++ b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config @@ -67,24 +67,15 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-dgpu-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0def.rom $(pwd)/blobs/xx30/8086,0106.rom -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs $(pwd)/blobs/xx30/10de,0def.rom: $(pwd)/blobs/xx30/vbios_t530.sh # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config index e6f4e229..9266ad80 100644 --- a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config +++ b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config @@ -67,25 +67,15 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-dgpu-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0def.rom $(pwd)/blobs/xx30/8086,0106.rom - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs $(pwd)/blobs/xx30/10de,0def.rom: $(pwd)/blobs/xx30/vbios_t530.sh # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config index 155cfea4..c44d6fe3 100644 --- a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config +++ b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config @@ -67,22 +67,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config b/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config index 430f52af..42eab8f3 100644 --- a/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config +++ b/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config @@ -67,22 +67,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config index 675ce302..b8add650 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config @@ -79,13 +79,11 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffc.rom $(pwd)/blobs/xx30/8086,0106.rom - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs $(pwd)/blobs/xx30/10de,0ffc.rom: $(pwd)/blobs/xx30/vbios_w530.sh # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config index e75323f3..d913a4c1 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config @@ -79,13 +79,11 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffc.rom $(pwd)/blobs/xx30/8086,0106.rom - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs $(pwd)/blobs/xx30/10de,0ffc.rom: $(pwd)/blobs/xx30/vbios_w530.sh # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config index 14cf8ddd..238fa8ef 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config @@ -79,13 +79,11 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffb.rom $(pwd)/blobs/xx30/8086,0106.rom - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs $(pwd)/blobs/xx30/10de,0ffb.rom: $(pwd)/blobs/xx30/vbios_w530.sh # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config index d99671ab..4de99bc9 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config @@ -79,13 +79,11 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ $(pwd)/blobs/xx30/me.bin $(pwd)/blobs/xx30/10de,0ffb.rom $(pwd)/blobs/xx30/8086,0106.rom - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs $(pwd)/blobs/xx30/10de,0ffb.rom: $(pwd)/blobs/xx30/vbios_w530.sh # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/t420-hotp-maximized/t420-hotp-maximized.config b/boards/t420-hotp-maximized/t420-hotp-maximized.config index 192707a3..12c8dac2 100644 --- a/boards/t420-hotp-maximized/t420-hotp-maximized.config +++ b/boards/t420-hotp-maximized/t420-hotp-maximized.config @@ -67,15 +67,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx20/me.bin - - -$(pwd)/blobs/xx20/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx20/download_parse_me.sh +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t420-maximized/t420-maximized.config b/boards/t420-maximized/t420-maximized.config index 716804be..431079d4 100644 --- a/boards/t420-maximized/t420-maximized.config +++ b/boards/t420-maximized/t420-maximized.config @@ -66,15 +66,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx20/me.bin - - -$(pwd)/blobs/xx20/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx20/download_parse_me.sh +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index 369e20bd..574dcfa8 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config @@ -65,22 +65,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config index 58ce48a3..8c2a5e13 100644 --- a/boards/t430-maximized/t430-maximized.config +++ b/boards/t430-maximized/t430-maximized.config @@ -66,22 +66,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/t440p-maximized/t440p-maximized.config b/boards/t440p-maximized/t440p-maximized.config index 34f7bfbf..4df8061d 100644 --- a/boards/t440p-maximized/t440p-maximized.config +++ b/boards/t440p-maximized/t440p-maximized.config @@ -53,4 +53,4 @@ $(pwd)/blobs/t440p/me.bin: $(pwd)/blobs/t440p/download-clean-me $(pwd)/blobs/t440p # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/w530-hotp-maximized/w530-hotp-maximized.config b/boards/w530-hotp-maximized/w530-hotp-maximized.config index d18d5109..85ce7c90 100644 --- a/boards/w530-hotp-maximized/w530-hotp-maximized.config +++ b/boards/w530-hotp-maximized/w530-hotp-maximized.config @@ -67,22 +67,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/w530-maximized/w530-maximized.config b/boards/w530-maximized/w530-maximized.config index 13347e55..f210e638 100644 --- a/boards/w530-maximized/w530-maximized.config +++ b/boards/w530-maximized/w530-maximized.config @@ -67,22 +67,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/w541-maximized/w541-maximized.config b/boards/w541-maximized/w541-maximized.config index 220229f5..60006edd 100644 --- a/boards/w541-maximized/w541-maximized.config +++ b/boards/w541-maximized/w541-maximized.config @@ -53,4 +53,4 @@ $(pwd)/blobs/w541/me.bin: $(pwd)/blobs/w541/download-clean-me $(pwd)/blobs/w541 # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/x220-hotp-maximized/x220-hotp-maximized.config b/boards/x220-hotp-maximized/x220-hotp-maximized.config index b0edf3e0..95dae6fa 100644 --- a/boards/x220-hotp-maximized/x220-hotp-maximized.config +++ b/boards/x220-hotp-maximized/x220-hotp-maximized.config @@ -67,15 +67,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx20/me.bin - - -$(pwd)/blobs/xx20/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx20/download_parse_me.sh +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS := xx20_me_blobs diff --git a/boards/x220-maximized/x220-maximized.config b/boards/x220-maximized/x220-maximized.config index 27252da3..abbfd0c8 100644 --- a/boards/x220-maximized/x220-maximized.config +++ b/boards/x220-maximized/x220-maximized.config @@ -67,15 +67,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" -# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin -# - blobs/xx20/download_parse_me.sh -# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx20/me.bin - - -$(pwd)/blobs/xx20/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx20/download_parse_me.sh +#Include bits related to sandybridge ME blob download/neutering down to BUP +BOARD_TARGETS += xx20_me_blobs diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index 96a3d924..f6726e33 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config +++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config @@ -79,22 +79,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized-eDP" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index 1b56eb82..3bb4d842 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config @@ -70,22 +70,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index 37a714c4..13c06b05 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config @@ -69,22 +69,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized_usb-kb" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config index 40541a0c..938e96c7 100644 --- a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config +++ b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config @@ -79,22 +79,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized-eDP" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index e0a1162a..58a81476 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config @@ -70,22 +70,8 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" -# xx30-*-maximized boards require of you initially call one of the -# following to have gbe.bin ifd.bin and me.bin -# - blobs/xx30/download_clean_me.sh -# To download Lenovo original ME binary, neuter+deactivate ME, produce -# reduced IFD ME region and expanded BIOS IFD region. -# - blobs/xx30/extract.sh -# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. - -# Make the Coreboot build depend on the following 3rd party blobs: -$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ - $(pwd)/blobs/xx30/me.bin - - -$(pwd)/blobs/xx30/me.bin: - COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30 +#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP +BOARD_TARGETS := xx30_me_blobs # Generate split 4MB top / 8MB bottom ROMs -BOARD_TARGETS := split_8mb4mb +BOARD_TARGETS += split_8mb4mb diff --git a/targets/xx20_me_blobs.mk b/targets/xx20_me_blobs.mk new file mode 100644 index 00000000..c398184a --- /dev/null +++ b/targets/xx20_me_blobs.mk @@ -0,0 +1,15 @@ +# Targets for downloading xx20 ME blob, neutering it down to BUP region and deactivating ME. + +# xx20 boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin +# - blobs/xx20/download_parse_me.sh +# To download Lenovo update ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. + +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx20/me.bin + + +$(pwd)/blobs/xx20/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx20/download_parse_me.sh + diff --git a/targets/xx30_me_blobs.mk b/targets/xx30_me_blobs.mk new file mode 100644 index 00000000..98aa8fa8 --- /dev/null +++ b/targets/xx30_me_blobs.mk @@ -0,0 +1,18 @@ +# Targets for downloading xx30 ME blob, neutering it down to BUP+ROMP region and deactivating ME. + +# xx30-*-maximized boards require of you initially call one of the +# following to have gbe.bin ifd.bin and me.bin +# - blobs/xx30/download_clean_me.sh +# To download Lenovo original ME binary, neuter+deactivate ME, produce +# reduced IFD ME region and expanded BIOS IFD region. +# - blobs/xx30/extract.sh +# To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. + +# Make the Coreboot build depend on the following 3rd party blobs: +$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ + $(pwd)/blobs/xx30/me.bin + + +$(pwd)/blobs/xx30/me.bin: + COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ + $(pwd)/blobs/xx30/download_clean_me.sh $(pwd)/blobs/xx30