mirror of
https://github.com/linuxboot/heads.git
synced 2025-01-11 15:32:48 +00:00
63eab714e5
Because we're using pushd/popd to make the Coreboot util invocation cleaner, we need to use realpath so that the scripts will work with any user input.
58 lines
1.7 KiB
Bash
Executable File
58 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
function usage() {
|
|
echo -n \
|
|
"Usage: $(basename "$0") path_to_output_directory
|
|
Download Intel ME firmware from Lenovo, neutralize, and shrink.
|
|
"
|
|
}
|
|
|
|
ME_BIN_HASH="b7cf4c0cf514bbf279d9fddb12c34fca5c1c23e94b000c26275369b924ab9c25"
|
|
|
|
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
|
|
if [[ "${1:-}" == "--help" ]]; then
|
|
usage
|
|
else
|
|
if [[ -z "${COREBOOT_DIR}" ]]; then
|
|
echo "ERROR: No COREBOOT_DIR variable defined."
|
|
exit 1
|
|
fi
|
|
|
|
output_dir="$(realpath "${1:-./}")"
|
|
|
|
if [[ ! -f "${output_dir}/me.bin" ]]; then
|
|
# Unpack Lenovo's Windows installer into a temporary directory and
|
|
# extract the Intel ME blob.
|
|
pushd "$(mktemp -d)"
|
|
|
|
curl -O https://download.lenovo.com/pccbbs/mobiles/glrg22ww.exe
|
|
innoextract glrg22ww.exe
|
|
|
|
mv app/ME9.1_5M_Production.bin "${COREBOOT_DIR}/util/me_cleaner"
|
|
|
|
popd
|
|
|
|
# Neutralize and shrink Intel ME. Note that this doesn't include
|
|
# --soft-disable to set the "ME Disable" or "ME Disable B" (e.g.,
|
|
# High Assurance Program) bits, as they are defined within the Flash
|
|
# Descriptor.
|
|
# https://github.com/corna/me_cleaner/wiki/External-flashing#neutralize-and-shrink-intel-me-useful-only-for-coreboot
|
|
pushd "${COREBOOT_DIR}/util/me_cleaner"
|
|
|
|
python me_cleaner.py -r -t -O me_shrinked.bin ME9.1_5M_Production.bin
|
|
|
|
mv me_shrinked.bin "${output_dir}/me.bin"
|
|
rm ./*.bin
|
|
|
|
popd
|
|
fi
|
|
|
|
if ! echo "${ME_BIN_HASH} ${output_dir}/me.bin" | sha256sum --check; then
|
|
echo "ERROR: SHA256 checksum for me.bin doesn't match."
|
|
exit 1
|
|
fi
|
|
fi
|
|
fi
|