ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 04:57:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9fcd5f8fe4
heads/blobs/xx30/extract.sh
tlaurion 36c04f19e4
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703) 
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.

* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)

* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin. 
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.

* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 17:01:44 -05:00

69 lines
1.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
function printusage {
echo "Usage: $0 -f <romdump> -m <me_cleaner>(optional) -i <ifdtool>(optional)"
exit 0
}
BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
if [ "$#" -eq 0 ]; then printusage; fi
while getopts ":f:m:i:" opt; do
case $opt in
f)
FILE="$OPTARG"
;;
m)
if [ -x "$OPTARG" ]; then
MECLEAN="$OPTARG"
fi
;;
i)
if [ -x "$OPTARG" ]; then
IFDTOOL="$OPTARG"
fi
;;
esac
done
if [ -z "$MECLEAN" ]; then
MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1`
if [ -z "$MECLEAN" ]; then
echo "me_cleaner.py required but not found or specified with -m. Aborting."
exit 1;
fi
fi
if [ -z "$IFDTOOL" ]; then
IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1|head -n1`
if [ -z "$IFDTOOL" ]; then
echo "ifdtool required but not found or specified with -m. Aborting."
exit 1;
fi
fi
echo "FILE: $FILE"
echo "ME: $MECLEAN"
echo "IFD: $IFDTOOL"
bioscopy=$(mktemp)
extractdir=$(mktemp -d)
echo "###Copying $FILE under $bioscopy"
cp "$FILE" $bioscopy
cd "$extractdir"
echo "###Unlocking $bioscopy IFD..."
$IFDTOOL -u $bioscopy
echo "###Extracting regions from ROM..."
$IFDTOOL -x $bioscopy
echo "###Copying GBE region under $BLOBDIR/gbe.bin..."
cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin"
echo "###Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin and adapting BIOS+ME regions under $BLOBDIR/ifd.bin... "
$MECLEAN -r -t -d -O /tmp/unneeded.bin -D "$BLOBDIR/ifd.bin" -M "$BLOBDIR/me.bin" "$bioscopy"
echo "###Cleaning up..."
rm "$bioscopy"
rm -r "$extractdir"
Reference in New Issue View Git Blame Copy Permalink