mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-23 14:52:27 +00:00
36c04f19e4
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations. * Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!) * xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin. download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place. Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space. * CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
69 lines
1.7 KiB
Bash
Executable File
69 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
function printusage {
|
|
echo "Usage: $0 -f <romdump> -m <me_cleaner>(optional) -i <ifdtool>(optional)"
|
|
exit 0
|
|
}
|
|
|
|
BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|
|
|
if [ "$#" -eq 0 ]; then printusage; fi
|
|
|
|
while getopts ":f:m:i:" opt; do
|
|
case $opt in
|
|
f)
|
|
FILE="$OPTARG"
|
|
;;
|
|
m)
|
|
if [ -x "$OPTARG" ]; then
|
|
MECLEAN="$OPTARG"
|
|
fi
|
|
;;
|
|
i)
|
|
if [ -x "$OPTARG" ]; then
|
|
IFDTOOL="$OPTARG"
|
|
fi
|
|
;;
|
|
esac
|
|
done
|
|
|
|
if [ -z "$MECLEAN" ]; then
|
|
MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1`
|
|
if [ -z "$MECLEAN" ]; then
|
|
echo "me_cleaner.py required but not found or specified with -m. Aborting."
|
|
exit 1;
|
|
fi
|
|
fi
|
|
|
|
if [ -z "$IFDTOOL" ]; then
|
|
IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1|head -n1`
|
|
if [ -z "$IFDTOOL" ]; then
|
|
echo "ifdtool required but not found or specified with -m. Aborting."
|
|
exit 1;
|
|
fi
|
|
fi
|
|
|
|
echo "FILE: $FILE"
|
|
echo "ME: $MECLEAN"
|
|
echo "IFD: $IFDTOOL"
|
|
|
|
bioscopy=$(mktemp)
|
|
extractdir=$(mktemp -d)
|
|
|
|
echo "###Copying $FILE under $bioscopy"
|
|
cp "$FILE" $bioscopy
|
|
|
|
cd "$extractdir"
|
|
echo "###Unlocking $bioscopy IFD..."
|
|
$IFDTOOL -u $bioscopy
|
|
echo "###Extracting regions from ROM..."
|
|
$IFDTOOL -x $bioscopy
|
|
echo "###Copying GBE region under $BLOBDIR/gbe.bin..."
|
|
cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin"
|
|
echo "###Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin and adapting BIOS+ME regions under $BLOBDIR/ifd.bin... "
|
|
$MECLEAN -r -t -d -O /tmp/unneeded.bin -D "$BLOBDIR/ifd.bin" -M "$BLOBDIR/me.bin" "$bioscopy"
|
|
|
|
echo "###Cleaning up..."
|
|
rm "$bioscopy"
|
|
rm -r "$extractdir"
|