mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-24 23:26:44 +00:00
36c04f19e4
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations. * Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!) * xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin. download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place. Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space. * CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
57 lines
2.0 KiB
Bash
Executable File
57 lines
2.0 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
function printusage {
|
|
echo "Usage: $0 -m <me_cleaner>(optional)"
|
|
}
|
|
|
|
BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|
|
|
if [ "$#" -eq 0 ]; then printusage; fi
|
|
|
|
while getopts ":m:" opt; do
|
|
case $opt in
|
|
m)
|
|
if [ -x "$OPTARG" ]; then
|
|
MECLEAN="$OPTARG"
|
|
fi
|
|
;;
|
|
esac
|
|
done
|
|
|
|
FINAL_ME_BIN_SHA256SUM="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 $BLOBDIR/me.bin"
|
|
ME_EXE_SHA256SUM="f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe"
|
|
ME8_5M_PRODUCTION_SHA256SUM="821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin"
|
|
|
|
|
|
if [ -z "$MECLEAN" ]; then
|
|
MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1`
|
|
if [ -z "$MECLEAN" ]; then
|
|
echo "me_cleaner.py required but not found or specified with -m. Aborting."
|
|
exit 1;
|
|
fi
|
|
fi
|
|
|
|
echo "### Creating temp dir"
|
|
extractdir=$(mktemp -d)
|
|
cd "$extractdir"
|
|
|
|
echo "### Downloading https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe..."
|
|
wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe || ( echo "ERROR: wget not found" && exit 1 )
|
|
echo "### Verifying expected hash of g1rg24ww.exe"
|
|
echo "$ME_EXE_SHA256SUM" | sha256sum --check || ( echo "Failed sha256sum verification on downloaded binary..." && exit 1 )
|
|
|
|
echo "### Extracting g1rg24ww.exe..."
|
|
innoextract ./g1rg24ww.exe || exit 1 "Failed calling innoextract. Tool installed on host?"
|
|
echo "### Verifying expected hash of app/ME8_5M_Production.bin"
|
|
echo "$ME8_5M_PRODUCTION_SHA256SUM" | sha256sum --check || ( echo "Failed sha256sum verification on extracted binary..." && exit 1 )
|
|
|
|
echo "###Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... "
|
|
$MECLEAN -r -t -O "$BLOBDIR/me.bin" app/ME8_5M_Production.bin
|
|
echo "### Verifying expected hash of me.bin"
|
|
echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || ( echo "Failed sha256sum verification on final binary..." && exit 1 )
|
|
|
|
|
|
echo "###Cleaning up..."
|
|
cd -
|
|
rm -r "$extractdir"
|