#!/bin/bash

set -e

function usage() {
    echo -n \
        "Usage: $(basename "$0") path_to_output_directory
Download Intel ME firmware from Lenovo, neutralize, and shrink.
"
}

ME_BIN_HASH="b7cf4c0cf514bbf279d9fddb12c34fca5c1c23e94b000c26275369b924ab9c25"

if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
    if [[ "${1:-}" == "--help" ]]; then
        usage
    else
        if [[ -z "${COREBOOT_DIR}" ]]; then
            echo "ERROR: No COREBOOT_DIR variable defined."
            exit 1
        fi

        if [[ ! -f "$1/me.bin" ]]; then
            pushd "$(mktemp -d)"

            curl -O https://download.lenovo.com/pccbbs/mobiles/glrg22ww.exe
            innoextract glrg22ww.exe

            mv app/ME9.1_5M_Production.bin "${COREBOOT_DIR}/util/me_cleaner"

            popd

            pushd "${COREBOOT_DIR}/util/me_cleaner"

            # Neutralize and shrink Intel ME. Note that this doesn't include
            # --soft-disable to set the "ME Disable" or "ME Disable B" (e.g., High
            # Assurance Program) bits, as they are defined within the Flash
            # Descriptor.
            # https://github.com/corna/me_cleaner/wiki/External-flashing#neutralize-and-shrink-intel-me-useful-only-for-coreboot
            python me_cleaner.py -r -t -O me_shrinked.bin ME9.1_5M_Production.bin

            popd

            mv "${COREBOOT_DIR}/util/me_cleaner/me_shrinked.bin" "$1/me.bin"
            rm "${COREBOOT_DIR}/util/me_cleaner/"*.bin
        fi

        if ! echo "${ME_BIN_HASH} $1/me.bin" | sha256sum --check; then
            echo "ERROR: SHA256 checksum for me.bin doesn't match."
            exit 1
        fi
    fi
fi